Learning about security is hard. Only 11% of software developers can actually bypass a login form that’s vulnerable to SQL Injection (about 50% say they can). It’s no wonder that popular websites still get hacked in 2017.
Many companies rely on security teams to fix all of the issues, but even with alarms and security doors the average employee can still burn the whole place down. Meaning an unknowing developer can implement a vulnerability that passes code reviews and tests (you only need a single incident to be seriously damaged). What is the solution here?
Our job at Rangeforce is to simplify the learning. For example we deploy real servers for you to practice on and it’s accessible with just your browser. Code editor, bash - all of it is in the browser and they’re real - no trickery here. We make it comfy and easy to play with cyber security. We even have tutorials guiding you through the process of attacking and defending a specific vector, but it still takes commitment and work to learn anything.
We have recognized some patterns where secure software can happen:
- The company not just claims to have security as a priority, but actually acts on it.
- Everyone in the team is accountible for security.
- There’s a routine and scheduled time to learn and test employee skills. Like a fire drill, just more exiting. More like an action game fire drill..
Do you know how many websites get hacked every day? Well you may want to freshen up on those stats. And now that the second most popular cryptocurrency allows anyone to program smart contracts, our money is as safe as the programmer is security aware. I’m not sure I would trust myself to handle other peoples money without special training. How confident are you that your data will not leak? Or that it hasn’t already?
While we are platform builders we’ve decided to reach companies themselves and help figure out how to manage their security better. We’re starting an event series and the first talk is by Pipedrive since they’ve seriously approached this thing head on and Jesse is here to spread the knowledge. It’s not just about us, it’s about how the head of security is dealing with this issue. However you will get to try out some of our labs, so bring your laptop.
So grab your hearing aid because security isn’t easy to do and perhaps after the talk you’ll know better how to improve yours without massive investments in time or money.