What Every Engineer Needs to Know About Security and Where to Learn It
Google engEDU
49 min – Jul 10, 2007

Google Tech Talks
July 10, 2007

ABSTRACT

This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks. Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least privilege, fail-safe stance, and protecting against the weakest link to achieve security. Instead of focusing on "tips" and "tricks" that allow you to "band-aid" the security of your systems, we discuss how to derive defenses based on the application of security principles, such that you can determine how to deal with new threats as they come along or application-specific threats that might be relevant to your domain. Finally, we present some statistics on the current state of software security vulnerabilities, and discuss existing and upcoming challenges in the field of software security.

Speaker: Neil Daswani
video
http://video.google.com/videoplay?docid=2792231054679782968

---

• Download: “What Every Engineer Needs To Know About Security And Where To Learn It” (video/mp4)

Sphere: Related Content

Tags: abstract, c, http, lan, rmi, script, security, server, software, sql, tips

Related posts

• 15 Views Of A Node Link Graph: An Information Visualization Portfolio (0)
• 235 Infinity (0)
• 7 Habits For Effective Text Editing 20 (0)
• 7 Ways To Ruin A Technological Revolution (0)
• A Googly Mysql Cluster Talk (0)