In a world where application vulnerabilities are causing major breaches in top tech companies, it is important for developers to know how to code securely. A security bug is essentially a problem in the code. The developer who wrote that code had the best intentions, but may not have had enough information, time, or guidance on how to do it correctly. Secure coding is the act of coding to guard against accidental or intentional misuse of your application. While there are a lot of programs focused on teaching students how to code, most curriculums do not teach secure coding practices beyond a brief mention of buffer overflows and SQL injection. The goal of this workshop is to provide participants with hands-on experience on how to write secure code to protect applications against common attack vectors.

This workshop will focus on secure coding principles that can help guide developers when implementing security controls within software. The workshop will cover common security terms, what application security is and why it is important, and then dive into application security principles and common application security risks such as the ones found in the OWASP Top 10.

Using Node.js, we will go through these risks and write code to protect against these attacks. The workshop will also cover how to enable proper encryption techniques, how to use authentication systems, how to prevent sensitive information disclosure, and common security headers that should be included in a web application. Participants will leave with secure coding examples that they can bring back to their peers at work or school, and will have implemented these secure coding principles themselves.