An Introduction to Security for web apps

I gave a talk at DDD EA!

Designing secure systems is hard. Soon, more and more of us will be working on web apps and software as a service, so knowing about this stuff matters.

Red Gate is in the process of growing from purely standalone desktop apps into the world of writing software-as-a-service offerings in the cloud.

As part of that journey we’ve been making mistakes and learning as we go.

This session is a nice introduction to security, with lots of examples from things that we’ve learnt along our way. It’ll cover everything from the basics of thinking like an attacker, through things you might expect your framework to do for you automatically but which it actually doesn’t (like protecting against CSRF vulnerabilities), to proposed “features” that might make the software easier to use and more awesome, but would also make an attacker’s job much easier.

