Cyber Skills for App and Web Developers
On the 26th of September myself and two other members of tombola attended the event titled: Cyber Skills for App and Web Developers, which was hosted by Phil Irving of Sunderland University and Institute of Coding in conjunction with Digital Union. We were told this event will provide us with skills to enable app and web developers to develop in a more secure manner. I brought along a developer and tester, both of which followed the material with no trouble.
The event definitely didn’t disappoint! In the morning we had Alan Batey from SRM Solutions talking about PCI investigation and investigators, he was (rightfully) proud that SRM is one of only 22 companies worldwide accredited by the Payment Card Industry to investigate breaches of credit card data. These investigations can have many fees, including paying around £18 per potentially-breached card. If you had a system breach for a year this can mean an expensive investigation! After this Alan outlined some of the common ways websites can break their own compliance.
After the talk by Alan in the morning we started to learn about the three cornerstones of information security (confidentiality, integrity and availability) through real-world examples. We analysed quite a few articles and situations and decided if these were caused by failings of confidentiality, integrity and/or availability. Highlighted in those articles was this amazing article of a fire suppression system breaking a lot of hard disks in a data centre: https://www.bbc.co.uk/news/technology-37337868.
Finally, we looked into examples of encryption, specifically around steganography. Steganography, is the practice of concealing a message, image or file within another message, image, or file. We got to use Xiao Steganography, which was quite easy to follow and use. We encrypted text files within an image, then were able to decrypt the same text files. Running this exercise with the other members of Tombola really helped outline various ways of affecting and protecting confidentiality.
Overall, the event was incredibly educational. We approached the day hoping to get some benefit from at least one of the talks, but we all got benefit from all of the talks. The best benefit for me was helping some of my colleagues understand how even small changes can indirectly affect the security of a system. I’ve spoken to those colleagues and they both agree they are more confident in asserting whether or not a change that could affect security should be raised or dealt with in the moment.
The Institute of Coding at Sunderland will be running a further session later this year, as this event was oversubscribed.
Connor Carr
