Earlier this month I had the honor of speaking with information security students at Kennesaw State University in Georgia, thanks to Dr. Herbert Mattord. It is a very diverse class with both traditional students and more mature students who are switching careers. Most of the students had little or no professional software development experience, so I view these talks as extra critical because infosec professionals play an important role in this by working with developers and thus need to know something about how software is made.
The university recorded the talk, and it is now posted on their media center as Frank Rietta - “Breach Prevention for Developers”.
The talk covered what to do if we want to build security into a web application hosted in the cloud, since security cannot be bolted on at the end. It was nuts-and-bolts stuff like including user stories, abuser stories, and test-driven development that includes security tests.