Security

This topic content is for Devtoberfest Week 4: 25 October → 29 October 2021.

Security, as a topic, has an interesting place for most developers. While it's universally agreed to be an important topic, too often in the development process it becomes an afterthought or something left to "the security team".

In this topic week we want to look at some general security topics that impact all types of developers. We will look at how to protect your applications from hackers, how to deal with the Cloud Native security implications and how to write more secure code.

For the tutorial and code challenge content of this week there will be a special focus on security within ABAP and the Node.js/JavaScript areas.

Presentations

Cédric Hebert "Hackers Want Passwords"

Date and Time: Monday, October 25th at 17:00 CEST / 23:00 SGT / 11:00 EDT 🌎

Duration: 50 mins

75% of cloud intrusions are done through the usage of valid credentials. Can we do anything besides more stringent password rules? What about… poisoning the well?

In this presentation we will show you via three demos how cloud applications could actively fight against leaked credentials, password spreading and even phishing, by adopting honey passwords.

You don’t think this can work? I’d love to hear your reservations. Loving it? Then spread the word and help make the Internet a more secure place!

Join us live on YouTube, and get involved in the conversation!

Cédric Hebert is currently leading Active Defense research. Cédric is a French guy convinced that we can change people's opinion of cyber-security from 'boring' to 'exciting'.

As a certified expert of the Security Research team, he spends his time influencing SAP's security practices and products with innovative yet practical solutions. After kickstarting SAP's Threat Modeling approach and giving birth to the SAP Enterprise Threat Detection product, he thinks it’s time to tap into the potential of cyber-deception - and he will keep using his and his team's energy to make this happen.

Cédric’s drives are sharing knowledge, learning new things every day and supporting people in getting more secure (instead of blaming them for clicking on the wrong link!).

Thomas Jung "Security Aspects of SAP Cloud Application Programming Model"

Date and Time: Wednesday, October 27th at 17:00 CEST / 23:00 SGT / 11:00 EDT 🌎

Duration: 50 mins

The SAP Cloud Application Programming Model comes out of the box with lots of best practice security baked into the framework. However, there are also things that each developer needs to take responsibility for when building applications with CAP. In this session we will look at techniques like adding XSUAA and roles, configuring Helmet for content security policies, and how to deal with CORS (Cross-Origin Resource Sharing).

Join us live on YouTube, and get involved in the conversation!

Thomas Jung is currently Head of Developer Advocacy, SAP Developer & Community Relations at SAP. This is a continuation of his long career in the SAP technology space. Throughout his career he's focused on the SAP applications developer and the tools and languages which support their activities with a particular interest in sharing knowledge through various channels both online and in person.

Michele Chubirka "Container Security: It's All About the Supply Chain"

Date and Time: Thursday, October 28th at 17:00 CEST / 23:00 SGT / 11:00 EDT 🌎

Duration: 50 mins

Containers continue to mystify security practitioners, mostly because they don’t know how securing them fits into their existing programs. Is it a virtual machine that gets scanned by the same tools used for over a decade? Or is it an application package that should be tested by SCA, SAST and DAST tools? How do you manage the image or runtime vulnerabilities vs the application security issues? This talk will focus on container security as a supply chain lifecycle problem and how to integrate validation at multiple points to achieve the ultimate goal of assurance. The talk is tool agnostic, because security of the supply chain is more about the alignment with the software development process than the integration of a single magical tool.

Join us live on YouTube, and get involved in the conversation!

Michele Chubirka is a recovering Unix and network engineer currently working as Chief Security Architect in SAP SuccessFactors. Her focus is Product Security with expertise in cloud-native security topics such as IaC, Kubernetes, containerization and software supply chains. Formerly the creator and official nerdstalker of the Healthy Paranoia Security Podcast, she has also been a freelance writer for various B2B publications such as TechTarget and Information Week, as well as an independent analyst. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere as MrsYisWhy.

Tutorials

Completion of any of the following tutorials during Devtoberfest will earn you points towards the contest and potentially some great prizes.

Please find all the contest info here: Contest Overview Page

  • List of tutorials will be released as Week 4 approaches

Coding Challenges

  • The Coding Challenge details will be released during Week 5

Fun Friday Activity

  • The Fun Friday Activity for Week 5 will be detailed as we get closer to that week