Taming Bugs - The Art and Science of Writing Secure Code [Video]

Writing secure code isn’t just about avoiding bugs. If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Programming is as much about People, as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes.

New strategies for taming common bug sources will be presented. Among these are TypedStrings for dealing with Injection Bugs (XSS, SQL, etc), and Path Normalization to deal with Path Traversal.