Cybersecurity: It’s All About the Coders | Dan Cornell | TEDxSanAntonio

160,624 views

TEDx Talks


Software developers need to fundamentally rethink the coding process to include an explicit focus on the privacy and security aspects of their code rather than simply regarding it as an afterthought.
A globally recognized application security expert, Dan Cornell has over 15 years of experience architecting, developing, and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group’s industry leading application vulnerability management platform. He holds a Bachelor of Science degree with Honors in Computer Science from Trinity University where he graduated Magna Cum Laude.
This talk was given at a TEDx event using the TED conference format but independently organized by a local community. Learn more at ted.com/tedx

Comments: 51
@artofthehak5508 5 years ago
Some of the top cybersecurity experts and coders out there never stepped foot in a university classroom. If you can code, you can get a great job in this industry.
@bcmasur 5 years ago
I agree, "degrees" are absolutely overrated... the best are usually self-taught... the ONE GREAT THING in this talk is when he says his "education" was overpriced
@coprice94 4 years ago
Ehh the demand is so high vs the 1980 they want you to have the experience already
@yuvadeep8 3 years ago
I have a bachelor's degree in computer science but I still taught myself everything I've been working on right now.
@nataliah4478 4 years ago
nonfunctional requirements are always de-prioritized at deployment time crunch. The impetus to implement security can't originate from development, it has to be prioritized and funded by business
@kavin_computers 5 years ago
I agree, and thanks to this speech sir.
@yuriykazmirchuk9641 6 years ago
Totally agree! Thanks for the video 😎👍
@TangomanX2008 4 years ago
This video makes good points but it misses the mark. First, security isn't all about the coders. Even if you train coders to program securely, their code won't be secure if given too tight of a deadline. Second, even if the coders followed security best practices, the application implementation, use, and support also need to be performed in a secure way. Screw those up and the most secure software in the world won't prevent security breaches.
@cannibal-nightmares 4 years ago
Am I the only one who thinks he didn't say anything new?
@Stayprivate 7 years ago
Great video
@ob34915 4 years ago
nice talk but it's very theoretical most of the time developers work with tight deadlines they don't have the time and the energy to go deep in security
@nataliah4478 4 years ago
agree, this contradicts their operational value orientation
@Keys2Life434 7 years ago
made me think
@emilyclapper96 7 years ago
I think it is very important to have secure technology. If we don't, then it hinders our safety.
@danimoosakhan 7 years ago
Emily Clapper It can never be secure unless we as an individual do something about it.
@diamondayala8752 6 years ago
Emily Clapper I totally agree!
@newsystem3667 5 years ago
so smart
@prisoneroftech2237 6 years ago
Using blockchain will be a much safer and secure option for monetary 'transactions'. Well guess what, the banks actually don't really care about their users' data.
@caseyvandyke7051 6 years ago
I can't get a straight answer for this, but I'm currently pursuing a network technology and management bachelor's degree. Will this degree help me in this field?
@bcmasur 5 years ago
Don't waste your money. I recommend self-education and certifications. Degrees are overrated (gen-ed courses have NOTHING to do with IT)
@YoungDen 4 years ago
Yep, go for your first two certs while learning a programming language
@HunterHunter88 3 years ago
@YoungDen Which two certs are you referring to? CISCO? And also, which programming languages do you recommend? Also, where is a good place to get your foot in the door, in relation to Cybersecurity? While studying towards certs
@karlpages4350 5 years ago
As someone with experience in losing privacy and security; both online, and walking out my front door. They are both an illusion. Like endless and free electricity. You must spend resources to enjoy computer games. So as, your only option is to the world when you act in it. Trust creates growth and opportunities; whilst secrecy may seem a safe option; the more data which brace people share means the more ures and the greater health for society. Distrust only creates opportunities for further deception. Better to enforce honesty and watch out for one another.
@ka9dgx 6 years ago
Why not use an operating system that supports capabilities? Then your application developers can stick to their jobs and the OS can do its job.
@iplbig 6 years ago
software and hardware! ;)
@hermesmercuriustrismegistu4841 3 years ago
Exactly. Hardware security is even more important
@JoeyOrlando 6 years ago
Seasoned Software Engineers already use negative test cases. This is a well known testing paradigm, that is in my experience, taught in school and on the job, and has been for quite some time. Hence, as a 'Coder' (see: don't call me that.) I didn't find very much value from this talk. In fact, the dude in the talk didn't sound much like a 'Coder' at all, but had he been a 'Coder', he would probably know that negative test cases are a normal thing.
@nicholasklapatch4088 6 years ago
Joey Orlando That's one of my pet peeves too. It's not writing a code, it's engineering/developing software.
@AL-mm4vq 6 years ago
That is a lot to ask of a coder... how about you coming out with templates of what not to do for coders if it is so easy?
@arunanthayyil2935 6 years ago
A L was
@bcmasur 5 years ago
want a little more security? don't use anything with "microsoft" or "apple" in the name
@76Gazz 6 years ago
I disagree. The developers should be making the software as per the customer's business requirements. Those requirements are the driving force behind development and testing. If the requirements don't stipulate that each function. Each rule. Each use case should have "things it must not do" as a security feature, from the moment the requirements are agreed and signed off. The developers are not obliged to write in those features out of the goodness of their heart. And more often than not, they are not permitted to simply add functionality that hasn't been agreed and isn't being paid for. Placing all of the responsibility of cybersecurity on coders is unacceptable. It starts with the customer.
@ignasrackus8543 5 years ago
Yes, but when you are discussing a project with clients, you can explain to them some necessary things (what should be done and how much it will cost) to make the software they ordered secure. Clients do not need to be experts in computer science (that's why they hire you), so it's your duty to say to them that you need to do some things to ensure their software is as safe as possible even if it costs more. No one says to do it for free, but you need to show them why they need it and they will pay for the work you will spend.
@CybercrimeMagazine 5 years ago
We have a website about this and a YouTube channel - check us out if you are interested in learning more about cybersecurity.
@0ttt3R 7 years ago
Interesting but I have to disagree with his statement about coders not knowing security. Having been 'coding' for the last decade, security concerns and data protection are areas that are focused on very closely and are integral throughout the design process. An interesting talk though
@kaishramlalaram3456 7 years ago
Not all coders are aware of the security risks, in fact most of them are at fault for creating buggy codes and it's the job of the Cyber experience to clean your mess.
@randomcreativeyoutuber7518 2 years ago
@kaishramlalaram3456 Does cyber security require coding?
@hsyiuben 2 years ago
@randomcreativeyoutuber7518 security controls during development is part of the duties of security of professionals, it may involve code analysis and testing, pentesting, and when u automate tasks, all require coding skills
@randomcreativeyoutuber7518 2 years ago
@hsyiuben thank you
@mostafa9093 6 years ago
CIA
@soulaymaneelebrahimi765 6 years ago
.......
@sonyafaymckenzie8691 5 years ago
Political
@digitalimpulse 6 years ago
Well this was a waste of time.
@fadhlanarmon3670 6 years ago
R he says coders should be more aware of cybersecurity breaches to protect people. Why do you say what you say
@ignasrackus8543 5 years ago
Because he is that coder who is too lazy to do at least basic steps to prevent security issues and rather puts data from request right to SQL query
@mohamedfouad2304 5 years ago
OpenBSD as a programming environment. Stop using shitty software frameworks.
@IDNeon357 7 years ago
This talk like all TEDx is stupid, because the speaker's solution is let's stop thinking about the finite things my code SHOULD do, and start thinking about the nearly INFINITE things my code SHOULD NOT do.
@Fermion. 7 years ago
What exactly is wrong with viewing code from this angle? Making code do things it "should not" is precisely how a hacker approaches it. For instance, my program is meant to run on this socket when it gets this "x" request. That's what it should do. Are you implying the programmer should stop there? A hacker would think what would happen if it got "y" request on that socket (or "x" request on a different port)? What if a forged packet was crafted and sent, are there any safeguards in place? What are the minimum permissions I can set and still have a functional program? Does my code have good obfuscation against reverse engineering? These are basic questions that a programmer should ask himself. Only focusing on what code SHOULD do isn't enough, and will make your programs buggy and insecure.