Day 5 - Security Basics¶
Teachers: Justin Bussery
Overview¶
This presentation provides a practical roadmap for maintaining security in academic and technical environments. It focuses on individual habits, secure software development, and the cautious integration of AI tools.
Key Discussion Points:
-
Personal Hygiene: Essential reminders on password management (using managers like BitWarden/KeePass), enabling MFA, and recognizing AI-powered phishing attempts.
-
Operational Risks: Security precautions for travel, including the dangers of public Wi-Fi and the importance of using VPNs, session locks, and privacy filters.
-
Secure Development: A "security by design" approach to coding that emphasizes:
-
Supply Chain Security: Managing dependencies to prevent "dependency confusion" and other third-party library attacks.
-
Defensive Coding: Never trusting user input, following OWASP guidelines, and conducting regular code audits.
-
Container Security: Practical tips for Docker, such as running in rootless mode, avoiding privileged mode, and using hardened images.
-
AI as an Assistant: Critical evaluation of using LLMs (like ChatGPT) for coding, highlighting that AI-generated code often lacks necessary security constraints and requires human validation.