
Very recently two Egnyte engineers, Zbigniew Tenerowicz and Dawid Bałut, taught a semester on the importance of Application Security to Computer Science students at a local university in Poland. Egnyte is proud to already be contributing in multiple areas, including supporting charities and volunteering at knowledge-based events, and we are excited to also add this teaching opportunity to our repertoire, providing students with a niche skill set that will be beneficial as they begin their post-college journey.

Zbigniew Tenerowicz and I had the opportunity to lecture for a ‘Web Application Security for Developers’ course this past semester. On day 1, we kicked off the class by focusing on the fundamentals – how to write secure code. We wanted to ensure every software engineer understood that the quality of a product and company’s services is in the hands of each individual employee who went the extra mile and invested time in learning security — right down to the code of that product.

The shortage of security skills is growing at a dramatic pace and it’s our obligation as professionals in the industry to educate others by sharing our practical experiences. Industry challenges will not solve themselves, so we must invest in others and create a supportive society, especially for the cybersecurity leaders of tomorrow.

The interest, curiosity, and appreciation we saw in the students was nothing short of inspiring. It is important for us to build an educational platform and encourage a positive feedback cycle, motivating everyone to do more because more is what will lead to change.  

With that in mind, the lesson plan for our classes was a bit… unusual. We made sure not to tread the beaten path of incomplete explanations of cryptography and boring slides with SQL injection examples. Instead, we structured the class to focus on being a proactive, security-aware software developer. While we did teach some penetration testing, the focus was on understanding everyday security mechanisms used by most web applications. The topic was not how to use these, but what makes them secure…no more cargo-cult security. In one of our final classes, the overarching lesson of the day answered the questions from a trending news article published after we had started the course. I was proud that we were teaching these students how to create solutions to real-time problems.

Our syllabus was flexible, but looked similar to this:

  • Introduction to Secure Software Engineering and explanation of OWASP TOP10
  • Securing authentication and authorization mechanisms, including attacks on insecure session and cookie implementations
  • Creating an application vulnerable to Cross-Site Request Forgery attacks and creating software patches to address the issue
  • XSS attack and prevention
  • Introduction to Web Application penetration tests
  • Designing an authorization protocol from scratch (whiteboard exercise), arriving at an OAuth2 variant
  • Building and Breaking An Application with Content Security Policy
  • Application Penetration Testing, Security Architecture Principles and most common challenges we’ve faced in our careers

As mentors of Egnyte, we always want to share our inner spark and light the spark of others. We strongly believe that educating future leaders ensures the industry will have a larger community of security-aware developers. We strongly encourage other companies to invest in the education of our youth and the undiscovered talent of tomorrow to help guide them in their dreams and explorations. Hopefully, these great engineers will be encouraged to join your organization!

We were students once and we understand how tough it can be to find a great place to work. We’re hoping that by sharing with them the tools they’ll need to succeed, we’ve made it a little bit easier. Zbigniew and I have been at Egnyte for nearly half a decade and feel confident that in sharing our knowledge, professional stories and technical experience with others, they can find their own footing and professional home as well.