The Art of Defensive Programming
With every commit, the threat landscape expands. A single vulnerability is all a hacker needs. Vulnerabilities have multiple sources, and you must have a plan for securing each potential risk vector and for identifying vulnerabilities early. In this session, we will describe defensive coding techniques you can use as a daily practice and how you can build a security champion program. We will cover, in practical terms, ways of identifying security vulnerabilities in your IDE using CodeQL as a static code analysis tool. This is an important step in the pre-commit stage: it identifies security vulnerabilities as early as possible, before they get to production.
Joylynn Kirui is an infosec evangelist who believes in empowering developers and users on security best practices. She has vast experience in web and mobile app security testing and DevSecOps. She is among the Top 50 Women in Cyber Security Africa 2020 finalists, a finalist in Woman Hacker of the Year Africa 2020, and Young CISO Vanguard 2022 among others. She is currently a Senior Cloud Security Advocate at Microsoft and focuses on DevSecOps on GitHub and Azure.