Devoxx is over and it was overall a good edition.
A lot of talks about AI and Kotlin, but this year I focused on security.
The reason is that, as a full stack developer, I do some security work, like URL permissions in Spring, but not much more.
In all the projects I've done you either start from an archetype where the security is already in place, with single sign-on, or you work on an existing project where all the security work was done before you arrived.
As I was watching some talks, some things stuck with me and actually changed my mind about some of my coding habits.
The talk I loved the most was "Blue Team Security: Actual Security Work for Actual Developers" by Siren Hofvander.
Not because she is a woman, or because she invited us to Sweden for free beer, pizza and tea, but because she gave a simple, comprehensive talk with some humour in it.
The boring but important thing she talked about:
Simple input validation
Well, I can say I don't do that yet.
But when we do check our input, about 98% of attacks could be avoided.
Yes, that much. And what does it cost us?
A lot of time, if we try to change the whole backend to a nicely input-validated model in one go.
But we can write a utility class for the most common scenarios.
It takes some extra time, but then we have a base and, more importantly, it's easy to use.
So the next step is to add this to our backend.
You don't need to do it all at once.
Treat it more like refactoring: whenever you need to change a class to refactor or update some code, add your checks to it.
That way you rebuild your model over time, building a solid wall brick by brick, and, more importantly, you can combine the boring work with the real fun work, which makes it less of a chore.
Like this your whole application should get more secure, of course over a longer term, but still with minimal changes and wasted time.
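A starting point for such a utility class, written as an added example for this post (it is not code from the talk or from any project I have worked on): allowlist checks that first canonicalise the input and only then accept what matches a known-good shape. The class name, the patterns and the length limits are my own assumptions; adjust them to your domain.

```java
import java.text.Normalizer;
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Allowlist-based input validation helpers (illustrative example, not from the talk).
 * Every check describes what is ALLOWED; anything else is rejected with Optional.empty().
 */
public final class InputValidator {

    private InputValidator() {}

    // Allowlist patterns: short, anchored, and only the characters the field really needs.
    private static final Pattern USERNAME = Pattern.compile("^[a-z0-9_]{3,32}$");
    private static final Pattern EMAIL =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\\.[A-Za-z]{2,24}$");
    private static final Pattern DIGITS = Pattern.compile("^[0-9]{1,18}$"); // 18 digits always fits a long

    /**
     * Canonicalise before validating: NFKC folds look-alike code points (e.g. fullwidth
     * letters) into one form, trimming removes stray whitespace, and control characters
     * (newlines, NUL, escape) are rejected so log and header injection tricks never get through.
     */
    public static Optional<String> canonical(String raw, int maxLength) {
        if (raw == null) return Optional.empty();
        String s = Normalizer.normalize(raw, Normalizer.Form.NFKC).trim();
        if (s.isEmpty() || s.length() > maxLength) return Optional.empty();
        for (int i = 0; i < s.length(); i++) {
            if (Character.isISOControl(s.charAt(i))) return Optional.empty();
        }
        return Optional.of(s);
    }

    /** Lower-case alphanumerics and underscore only; rejects "alice; DROP TABLE users". */
    public static Optional<String> username(String raw) {
        return canonical(raw, 32).filter(s -> USERNAME.matcher(s).matches());
    }

    /** A deliberately conservative e-mail shape; stricter than RFC 5322 on purpose. */
    public static Optional<String> email(String raw) {
        return canonical(raw, 254).filter(s -> EMAIL.matcher(s).matches());
    }

    /**
     * Numeric id with a business range. Checking the digit shape first rejects "+1", " 1",
     * "1e3" and "-1" before parsing, and the range check stops enumeration of ids
     * that the caller should never reach (e.g. other tenants).
     */
    public static Optional<Long> idInRange(String raw, long min, long max) {
        if (raw == null || !DIGITS.matcher(raw).matches()) return Optional.empty();
        long v = Long.parseLong(raw);
        return (v >= min && v <= max) ? Optional.of(v) : Optional.empty();
    }

    // Stand-alone demo with constructed inputs.
    public static void main(String[] args) {
        System.out.println("username(alice_01)           = " + username("alice_01"));
        System.out.println("username(alice; DROP TABLE)  = " + username("alice; DROP TABLE users"));
        System.out.println("email(bob@example.org)       = " + email("bob@example.org"));
        System.out.println("email(bob@example.org\\n)     = " + email("bob@example.org\n"));
        System.out.println("idInRange(42, 1, 1000)       = " + idInRange("42", 1, 1000));
        System.out.println("idInRange(-1, 1, 1000)       = " + idInRange("-1", 1, 1000));
    }
}
```

In a Spring backend these helpers can be called at the top of a controller method or wrapped in a Bean Validation `ConstraintValidator`, so the check lives in one place and a class gets it the moment you touch it for other reasons. Two caveats worth keeping in mind while the wall is only half built: validate after canonicalisation, never before (otherwise the regex sees one string and the database another), and treat validation as a filter on shape, not as a replacement for parameterised queries and output encoding.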
Now it's up to us.
I know I'll google some example classes so I can make a decent utility class.
I hope you do too, and I invite every reader to comment below and share links to potential utility classes.
Just because sharing is caring.