We are running a workshop during the conference called “Secure software demystified: data security practices” where attendees will refactor a microservice architecture to dramatically upgrade its security. You can find the contents of the workshop in this GitHub repository
This event is truly a conference for developers - the organizers review every presentation to ensure that they have relevant content and aren’t just sales pitches. Some of the talks I attended last year described how to build a large scale event-driven transaction processing system, and designing a double-entry ledger that can support multiple currencies. The speakers are peeling back the covers on real world software that power the most innovated fintech companies. Many of the talks included code samples.
In addition to (or perhaps as a result of) this technical content, the people who attend this conference are engineers. It was common for me to sit at a table and meet someone building a new neobank, or a principle engineer at a name-brand startup. This is a fun crowd to hang out with!
Also the organizers put an emphasis on inclusion and charity. One keynote event is reserved as volunteer time supporting a local charity, and many after-hour events contribute their ticket fees to charitable causes as well.
|Metal cards are all the rage in fintech
We’ve put together an interactive workshop where developers can learn security by refactoring a microservice application live.
Developers are often intimidated by topics surrounding security, because they view it as a specialization requiring expert knowledge. Unfortunately this view is sometimes propagated by the security community themselves by shaming people for mistakes.
But like the myth of perfect code, this perspective is incorrect! With a bit of orientation, there are many easy-to-implement security practices that any developer can add as they are building applications.
This workshop is structured around the OWASP Top 10, a list of common weaknesses found in modern web applications. We’ll start with a NodeJS API, a Rust background worker, and a PostgreSQL database and upgrade it to include zero trust, add encryption everywhere, install an API gateway and alerting stack. And of course, sprinkle in a little bit of JumpWire.
The only hard part will be keeping our literal cool during the trip!
Photo by Viktor Forgacs