From YouTube: Gamifying Security
Description
Looking to level up your security skills? 👀
Join us for Open Source Friday as Joseph Katsioloudes shows us how this game can sharpen security skills and protect applications.
We'll go live today at 1pm ET!
A
A
A
Hello, everyone, welcome to Open Source Friday. This is a Twitch stream that I do weekly every Friday, talking to different open source maintainers or core contributors about the projects that are out there. The main reason is so we can get exposure to all of the open source projects, figure out how we can contribute, and then also gain inspiration for, like, bring creating our own open source projects.
A
B
B
So, if I introduce myself, it's my third time in the show and the fourth time we are doing a security edition of the Open Source Friday. My name is Joseph, I'm part of the GitHub Security Lab, and welcome everybody to a security edition of Open Source Friday. This time is about the game, the Secure Code Game. Yes.
A
I'm excited to learn more about it. I think a lot of people are tuning in, especially because the idea of having a game around security. I'll highlight where some people are from, and why don't you tell us a little bit about your background too, just a little bit before we dive into the game, like, who are you? How did you get into security and GitHub? But I'll just highlight some comments while you're speaking. Yeah.
B
B
I am a developer at heart, like everybody watching this show today, that I had a strong passion for cyber security, so I've studied both of them, first starting with a degree on software engineering, then switching to cyber security through Masters, and all my career, which is now around four years. I'm working for GitHub Security Lab for the past almost two years. I joined in a similar time to Riza here.
A
B
Since then, we are focused on open source security. For those who are not so familiar with how what how much impact or personal open source has: if you are driving a car, if you have a fridge next to you, if you have a phone, everything, the whole world runs on open source. We are the people who host this code and my team is a team that secures it, finds vulnerabilities in it. So far we found around 400 in the past almost three years, which is one bug every three days. The numbers are crazy.
B
We are talking about zero days, and lately I have created a lot of education material, a lot of presentations touching a bit on AI, but let's leave that for the later aspect of the of the of the show. So that's pretty much where background there is. Wow.
A
B
Sure. So, as a developer at heart, like I said in the beginning, in my intro, I feel this need about security. That was missing, like, when I was at uni or when I was learning code online. You can learn a lot about functionality, like, for example, here's how you can create an input form. You are focused on getting the parameters in from the outside world, but nobody was really focused at that time, and maybe still today, on securing that, and this is a mindset that is usually moving towards the rest of things.
B
We do. So I felt this need speaking with people around the world during the presentations and getting that question, was like, how I'm gonna learn security? How shall I do it? This was just the initial, like, spark for the fire, but then I've seen a lot of, like, attempts, but we are not so developer first. For example, you move people somewhere else, in an environment that is not so friendly to them, and then have them choose one of A, B, C, D options.
B
I wanted to get the requirements the way that I felt are near to developers, so I wanted to create a game, because I believe that everything gamified has more fun at the end of the day, and then we can't see that developer first comes from having developers being that they are not sure a place which is the code editor.
B
The third is that if someone spots a problem in the code, is just half the story, fixing it correctly is the other half. I've seen so many developers fixing something but fixing it unsuccessfully, creating new problems and bringing new attacks. So these three reasons were my main inspiration, and all these contributed to creating the Secure Code Game.
A
That makes a lot of sense. I also appreciate the fact that you're, like, you wanted to make it developer focus, because I do think that's a good point. Sometimes, when I've been like, I want to learn security, I'm dropped into this really weird looking, well, it's not weird, but, oh, environment that I'm not familiar with, so I'm like, what is this? And then I end up leaving, and I think it's great to actually gamify things, because that's like a nice way to learn without even really feeling like you're learning.
A
Absolutely. So I will love, if you're okay with it, I would love to, like, see this, a demo or something like that of this project live, so that we can get used to trying it out, and then also for people. So feel free to share your screen, and while you're sharing I'll talk to people. For people who are curious of, like, following along or trying it out, I have the link on the screen here. It's gh.io, secure code game.
B
Your screen, oh sorry, I'll go and share my screen, yeah, and in the chat, feel free to ask questions that we are gonna answer at the end of it. Again, your contribution today in the chat is just make me like, I don't know, it's the first time I see so many people. Hello to France, Nigeria, Malaysia. The comments are out of control, literally, or maybe we are on the 500s of comments so far. Okay, I'll go and share my screen.
B
Let's take it step by step, okay, and we have some very nice announcements for you at the end, so stay here with us till the end. Cool, sharing my entire screen.
B
B
Okay, what you have to do is super simple. Before showing the rest of things, it says here to start a course. You just click on the right click here and then open link in new tab, arriving in here. So this is asking me to give a name to this repo, and of course it is gonna be under my name to save us.
B
A
Already interrupt you. Just, actually, just mentioned: can you zoom in just a little bit, of watching on small screens, thanks. And then, yeah, and someone also asks, is this going to be available later? Yes, it is, it's going to be available on LinkedIn and YouTube. You can continue to watch it if you wanted to. Sorry to interrupt, you keep going.
B
Please go on, let's answer the questions on the go if they are relevant to what we are talking about. So once I'm here, I can just run this natively in Codespaces. I have one open for you. It's just taking two minutes to run on the background, install the requirements. You just don't have to install anything on your computer, but if you so wish, we have a guide how to set it up, either with Codespaces or with a local installation. Just before I dive into the game.
B
This was built for developers and students. You are gonna see vulnerable patterns of real world code that it's not enough to just spot them. You have to fix them, and you are gonna assess your solutions against my and my team's exploits. So this is the codespace. That's how it's, that's how it opens in two minutes from the moment you open in a codespace. Okay, here's the readme file, but you can close this, so we are focused.
B
Okay. The first season of the game consists of five levels. These levels are having increasing difficulty. Level one is the easiest, and slowly, as we progress, we can't reach level five. I don't have an exact answer of how much it takes from level one to reach level five. It depends on you, on your background.
B
I will encourage everybody to start with level one and slowly, slowly progress their way. Okay, let me delete that one, the pie, crush. Okay, so every level is consisted of the same five files. You have the code file, which is the file where the functional but vulnerable code is running. In every level, you do the same thing.
B
B
It's the best of two worlds. Some people can spot the mistake in this code, fix it. The code can be functional, but maybe there's an edge case that they didn't notice. So the exploit is still running successfully, so they cannot really progress to level two. For people to progress, they should make sure that the code is doing the same things as before. So it's achieving the same business requirements, but it's also secure, Riz. How does that sound so far? It.
A
B
See how it is. Okay, on the other hand, I don't want to spoil it for a lot of our audiences. So let's, let's go slowly, slowly together. Okay, yeah! Here we have Python code. Every level has its own little story behind, so it might be useful if we read the story behind the level one. Yeah, okay, level one is called Black Friday, which is that day around November that things are getting massively discounted, and the storyline has as follows.
B
There is this shopping event on Black Friday. There is this electronics shop, think about an electronic shop that you can buy like a PlayStation or a phone or any device. However, this shop didn't have an online presence and they wanted to benefit from the e-commerce side of things. So, if I have a website, people can order something on the other side of the country and I can make a lot of sales.
B
So here you see the back end of a very small theme of what's running behind the scenes, so you can have an order, an order ID and items. You can also have, for every item here, for example, items can be 10 items, okay, but every single item is gonna be an individual item with his own type, description, monetary value, and how much of that they need. And here's a very small amount of code, around 15 lines, that is trying to, first of all, make, handle the payment behind the scenes.
B
Okay, so the calculation of the payment is like us, people buy things and there's an outstanding amount. You keep adding the total into the outstanding amount, and if they pay, you make sure that you reduce that from the outstanding amount, by multiplying, of course, how many dollars every item costs multiplied by the amount.
B
If there is something wrong with it, return the invalid type and, at the end, make sure that you give back to the screen if there is a payment imbalance, therefore the customer still owes money, or if the shop has received the full payment. I know it sounds super easy and many people get a bit like, oh, why I can't spot this in the first one, two, three, five minutes? The reason that you can't spot it in the first one, two or three minutes is because these levels are not so easy or so straightforward.
B
The code is functional. If you go to a shop, you can actually buy a television or a PlayStation through that. We are just put very, very small security details, but hackers can go away with free TVs or free PlayStations just by running this code. The mistake is very subtle and that's the idea. It's, it's not so easy to spot, and once people spend a bit of time with it, they can read the tests, they can understand.
B
B
How a hacker can pass something and go away with it, and I don't want to keep this file a lot of time in the screen, because we have hints and the people who are, who want a bit more help, including myself, because I've built this having in mind that security should teaching you something, and I have people texting me or, like, commenting on your social media how much they learn even from level one, that is not so easy to spot, but is one of the easiest levels we have.
B
So what I want to say with is that, even if you need the hint, like many people do, like 99 of people read the hints, just go slowly, try to understand what's the problem here, read the model solution that we literally have in a lot of detail with a lot of references, and if you don't manage to solve a level, like, for example, level 2 is not so easy for you, you can't go to level three. Every level is independent. Every level has a different vulnerability.
B
B
Mistakes sometimes are easy to spot, sometimes are not so easy to spot, and that's the magic behind it. I had a hard time finding this bug and that's why I included in the game as a level one, because for me it was a big, the biggest shock, so I might overhyped it, but this is what it is, and I would love to know your opinion. Feel free to, like, post about it or create and contribute into the discussions we have here in the, in the game.
A
A
I love that. Wait, I will remove your screen just for a moment. Someone said this is that subtly excellent. People are saying amazing to learn, great stuff, I already want to start. Samuel bang asks, where can I find this repo? Just to show you again, it's gh.io, secure code game. I think someone also answered you and gave you the long form URL. I think someone kind of gave us a little bit of a hint. They said, just notice that they can buy things without paying, because the net can be negative.
A
Another person said this looks amazing and, I think in response to it being Black Friday, they said, why not Cyber Monday? Very.
B
Good, very good, I, I didn't think about that at the time. So yeah, very good comment, I loved it, yeah.
A
And then one last comment was, gamifying a problem statement, it's always a good way to build a winning mindset while completing the purpose. I actually have a question. So you said you had a hard time solving some of these. Is this like, it like, problems you've seen in the real world that you experience and then you're like, let me put this into the game?
B
Yes and no. So I've built this game from scratch, I've written every single line of code, they are, I've made it after research, and the research is: we chose two programming languages to start the first season of the game, which is Python and C. Okay.
A
B
First level is in Python. The second level is in C, and the rest of three levels, game three, level three, four and five, are in Python, before going to have, like, new programming languages, requirements or suggestions in the chat.
B
I would love to tell you that we have new languages coming in the new season, but before dropping the big news, I would love to mention the reason behind it, which is, I thought, what is publicly available about Python, but what do people don't know, or what is a shocking thing to know about Python that not so many people know? Okay, for the level three, level four, level five, I wanted to show, I know OWASP Top 10. Some things are, people can get a bit of broader and deeper understanding. Level
B
Five is about crypto. Level 4 is about some, let's say, path related stuff. Level three is a very classic SQL injection related material, but level one and level two is, I believe that they should still know. So I took things out, it wasn't so clear on my 10-year developer journey, and I wanted to put them there for everybody to know. Yeah.
A
B
Absolutely, so let me restart my screen, and I see a very nice comment from void who went.
B
I totally agree with that comment. I just want to keep things super simple and focus on the, let's say, the nature, the root of the problem, so I totally agree with you that you can solve it in a different way. But if you follow the model solution, you will understand that our approach is not floats versus integers. We are trying to show something like what, where are the numbers end? Let's give this kind of hint, and yeah, let's execute some code together now, yeah, on the Codespaces.
B
So for the sake of argument, let's say that I want to run the tests, so I can come in the tests and click Run Python File in Terminal, which makes the tests to pass. So this is a form of code execution.
B
If you want, you can run the hack file, which is here, so, for example, by clicking right click and then run Python file in.
B
B
So when I run the hack file, we see that we have some failures, so I'm still not able to progress to the next level, because I am failing the first one. And just because you might, I might scare you a bit about level one, and when I open the code, it might be not so easy for you. You can see level five, it's not a lot of code, oh yeah, exactly, but level three for the people who love, maybe no, level four for the people who love along their code bases.
B
We have a longer code with multiple mistakes here in code, and again, you can learn multiple things, and just to help you out, I want to show you another cool thing we've done, which is the following. So I want to go to my repo just to show you again how you might get help.
B
B
You can click if you want, and by clicking you can see an explanation about it with URLs, so you can read more about it outside in my trip, which is a collection of security vulnerabilities with examples, and you are kind of inside a PR, for those who feel like, let's say, in their more natural environment here, with explanations, recommendations, etc. This means that you can read what is here.
B
You can go to the specific line that there's a problem. You can fix it. You can't push your solution and you can come back and check what is the number here in the security, if you now dropped, for example, to 12. You know that you have fixed something, and here you see that in level four, you have one, two, three, four, five, six problems that are smaller problems to fix. Once you fix all of them and the official hack file is failing, is, sorry, it's passing. So you are passing the hack file.
B
You are also passing the tests, again by running with this button or by the button here at the top. You can proceed to the next level, so we give you two ways to help you: by seeing the total number of alerts and by slowly, slowly getting guided through the hints we have at every level for you. You see, the hints are including code explanations, sometimes references, and so do.
B
A
I love that. First off, I learned a couple things from you. Even I, I've never clicked the Run python round in Python for in terminal file before, a button, I usually just type it in the terminal. So.
A
And that was actually a question I was going to ask you, is what will people take away from the security game, and I guess it is to write code with less vulnerabilities in the future?
A
There's a couple of, I guess void had more comments, and just maybe, I guess, see, feedback and suggestions, and I think this could also help us lead into how can people contribute and what can they contribute, because a lot of people are also commenting, can we have this in TypeScript and Java? I know you just said that different languages are coming out, but I'll also just mention what void said.
B
PR, so we welcome PRs to fix bugs, of course, to improve the current version of the game and, as you ask, Riz, we are also welcoming contributions for the upcoming season of the game. Okay, we have the CONTRIBUTING.md file that you can find the URL at the top of the game, with instructions on what kind of languages we are heading towards and what kind of security vulnerabilities.
B
So far, we had two contributors providing new levels of the game and we have space for more contributions. So I would like to welcome you to open a discussion following the instructions we have. More people can cooperate towards one level of the game.
B
It's a way for you to get credit, it's a way for you to contribute into the open source security. By creating content you let more people play what you have created, which is very fulfilling, and you give more people the chance to try some amazing products of GitHub for free, but they are free for open source, like, for example, CodeQL is free for open source, which is how we spot the security bugs. Codespaces.
B
You have 60 hours for free every month, and of course, you can use maybe the power of AI to get some suggestions or spot some mistakes here and there in the game. I've seen some people getting some extra hints from Copilot. Who knows? Maybe you have this security developer AI integration through the game, and you are in a safe environment that you can try out.
A
I love that, that's so cool. So definitely contribute, y'all, go to gh.io, secure code game. Just to respond to a couple of comments: I think this user might have missed when we showed the executing the coding in GitHub Codespace, but just go ahead and rewind the video and then you will be able to see when we did that, we showed how to do that. Someone said, thank you for this talk, I truly appreciate it, share the repo again.
A
B
We have just reached 1K stars, wow. The numbers show that one 1200 people have played their game so far in the past almost four months. So thanks for your support, thanks for your love, and again, feel free to contribute, feel free to join the wave of gamified security and let's be all part of the same community, the community of the GitHub Security Lab, yeah.
A
This is so exciting, congrats at reaching that. Oh, I also forgot to say, I didn't even realize that Security tab and how to read the vulnerabilities. Just having you walk through that, that made way more sense to me. I do have a couple more questions for you, and some of the questions are.
A
Let's say someone here does want to learn the, the, or want to go through the Secure Code Game and we're not at the next season yet with the different languages, but they don't know whatever language it's written in, or, or they don't have the prerequisites. Do you have any suggestions for getting those prereqs before jumping into the game?
B
For sure. I might be a bit biased, because the secure, I think you'll have Security Lab produces some content that is developer first. I will say, do follow us at GH security lab in Twitter. If you are following GitHub in the rest of social media, you'll see a lot of educational content that is direct, directed to developers and it's about security.
A
B
B
Online, I haven't really spent time on those for the past three, four years, so I might not be super up to date with those ways, but if you know a website that is free or paid or whatever, and you are happy about the quality of learning, let's say, JavaScript from, from there, do get started with security, and if you follow the right pages, like the GitHub Security Lab at GH security lab, you'll see more news about security. The GitHub blog is also a great resource and you'll get updated.
A
Awesome, and I see a question here, which is actually a question I was going to ask, is like, on the note of contributing more levels, should each level be contribute incrementally harder than the other? Like, any suggestions for contributing new levels?
B
I will say that, and maybe Ahmed, first of all, great question. I will say, do contribute. Do make sure that you read the previous pull request, so you understand what other people have contributed already, and that's not a problem. I wouldn't tell you to create something that is for a level four or a level
B
Five. Let's make a discussion about it in GitHub Discussions, understand what you want to contribute, how you can help, they are, and leave it on us to decide if it's a good level to level one, level three, okay.
A
B
B
But the first level of the second season should be at the same difficulty as level one. You know, because it's different languages, different vulnerabilities, it's not a level six, it's a level one in a new season. I'm relying on a lot of our open source contributors today that they want to contribute to open source. That's a way to help. Also I would like to mention that yesterday there was a Canadian physical security company called swiftconnect that they created a hackathon out of the Secure Code Game.
A
B
You're welcome, every language. However, we have some preferences. Let's say that you have more chances for your contribution to end up publicly available. We do have some preference for JavaScript, Java and C# for this season, yeah. So we complete the matrix of the most popular languages in open source by adding into Python and C of our first season. Awesome.
A
Awesome. I have, like, a question for you, I guess not necessarily related to the game, but still towards security, and I'll still look at the chat, but I'm just curious, like, why do you think that security ends up getting, like, overlooked during the development phase?
B
I think that sometimes, that's a one million dollar question. Well, I ended up thinking that maybe the reason is because writing functional code is about forward looking. You build great features that you progress something, while security is kind of retrospectively looking and you try to fix backwards. You can't really fix forward, because that thing you want to fix doesn't exist. Maybe that's the way.
B
That's the reason, but in the same way developers see an art in creating and building and conceptualize something, I personally see an art in finding a problem in something and exploiting it. But again, we are developer first. We want to make sure that our approach is, how do you have security in as a mindset from the beginning, yeah.
A
Awesome. We have another comment that said they love the hints and solution explanations that you provided, super helpful. I love the, the fact that that's added as well, so people don't get lost. And then, do you have any, like, little tips that people, that individuals can do to improve security in their applications as they, like, code? What are things they can start thinking about? Yeah.
B
So what I can start thinking about is that, just visit the Security tab in your GitHub repo. You have some pointers there, like, for example, having a security policy. If you are maintaining a project, for sure, my number one scene is to turn on the code scanning, which is CodeQL supported. CodeQL is our, like, industry leading solution to find vulnerabilities using static code analysis. This way, every time you push, you are going to have an alert in the same way I've shown you about it, and you can just go and fix it.
B
Another quick win I can think about is that, always think what can go wrong. If you are having, for example, an input field that is asking for a name and a surname,
B
You might be very innocent if you think that every person around the world that is, has access to Internet is going to add their name and their surname. People might try to add other things and try to understand your security, the security of the application. And the final tip is that, try not to reinvent the wheel. Security is not a problem but started today. There are solutions to known problems.
A
Okay, that's so true, actually, because there's going to be problems that people have seen time and time again, there's already solutions to them. Why create a new solution? That's so true. And then there's a lot of people in the chat that, I think, and, and that play the game, that are really excited to start their careers within security. Do you have any tips for, or advice for, people looking to focus their career on security?
B
B
Try to stay up to date with security, which is difficult, and always try to have a technical balance and theory balance. You have to understand things in depth in order to exploit them, in order to understand what can go wrong. Read great resources, again, GitHub Security Lab with so much great research about it, where class, and at the end of the day is the same advice in every field. If you do security or if you are doing art, if you are passionate about it, there's always a way.
A
That is really, really great advice. I will say, reading and, and just understanding how vast the field is as well. A lot of times, people like, oh, I want to get into engineering or DevRel or whatever. I'm like, there are so many different little sectors that it's good to understand all of the different, like, areas in.
B
Here. By the way, am I right thinking that we have thousands of comments today? Like, I, I can't believe the number of comments, and thanks so much for your love and your support. We would love to hear more from you in the upcoming days about the security game or your ideas around security. Thanks so much for joining us today, and we have more, stay.
A
Here, yeah, yeah, I'm really, I'm, I'm loving the comments. I love doing Open Source Friday because everyone gets really engaged, but I'm very, like, impressed at how many people are interested in security and learning more about security.
A
B
So it was an idea of my manager Soviet. He always thought that if security is gamified and if they come, if the users and players can have these cut ends of seeing an alert and fixing an alert, it's gonna be nearer to them, and then it was all about, how do we do this? How can we execute something that is nearer to them?
B
B
A
I love that, thank you. Okay, so I think we kind of covered most of the things, like why we built it. We got to see a demo. People are interested, they've seen the link, on your strategy, how people can navigate their security careers. Before I move into, like, some of the fun questions, are there any things that you wanted to either bring up that I didn't get a chance to bring up, or you wanted to emphasize?
B
I will say that I think we covered pretty much everything that I wanted to cover today.
B
I will say that in the beginning, when we released this, it was an experiment, because you never know if people are gonna be interested in security. It's really hard to get the attention of developers for security, but the biggest lesson learned is that maybe there is need for security education. There is a need for people to learn security.
B
The way that it's not shifting their feelings. I've seen security being a way to make people feel a bit of less or not so capable of what they do, in the same way that if I ask someone to spot the mistake in level one, maybe if they don't spot it in the first five minutes, they feel that they are not good technologies or good developers. They are something like that in, in security. So the biggest lesson for me is that everybody is different. Everybody is great at different things.
B
Everybody learns at their own pace. For example, I'm someone who learns in a visual manner, and if I learn something that I'm not interested at or I don't really like the delivery of it, I just get turned off straight away. So that was something that it was a very big lesson. So try the game, try to understand if you like security, if you don't like security, or what you don't like is the way that security was taught or provided to you in the past. From there, take it easy, don't get intimidated.
B
If you feel that it's harder than your abilities, everybody is different. Thanks so much for your comments, I'm reading the chat at the same time. Take it slow. If someone can solve this in, I don't know, five hours, maybe they cheat, so take it slow. Everybody learns differently, and trust me, I have a hard time and I take a lot of things to learn my life in all other areas.
A
I love that you brought that up, because I do think it can be, security can be intimidating, and there could be people that are watching that are like, oh, they're able to do this because they're, they're on a Twitch stream, but I also, I agree with you saying it takes me some time to, like, learn a lot of technical things. I have to take my time and read and try things out, I'm more of a hands-on learner.
A
A
All right, so I'm gonna move to some of the, to the fun questions that I normally ask guests. They're just, they have nothing to do with open source or anything. It's just fun to talk about, and my first question, well, it gets a little bit technical, but my first question is: what is the first programming language you learned?
B
Okay, I'm gonna, that's gonna be like a snowball effect, like an avalanche in the comments right now, people are gonna get it, I don't know. Okay, the first programming language that I was forced to learn. Okay, it wasn't my choice. It was the choice of the curriculum of the course that I started and I had to do it for three months.
B
B
B
A
Doesn't a good question. So technically, I don't know if these are really considered programming languages, I learned SQL first, because I was like, I want to learn to code, and I didn't really know what coding was, so I just started learning SQL and I was like, how does this build a website? I don't get it. And then after that, I learned HTML, CSS, JavaScript, but yeah, that's what I learned first. Next question for you: if money wasn't an issue, how would you ideally spend your time, whether it's job-wise or not job-wise?
B
Because it's very cheeky, if you just ask the people coming in the show, so moving from, like, the technical thing straight away into what your, what did you eat, like, before coming in the show, like, what's your last text message, and the other questions I had to answer last time I was in the show with Zab and met has Floyd. So it's not so fair, so I returned, like.
A
I have to, okay, I gotta get prepared before I, actually, the next question. Other people are saying what they learn. Someone said, they are just said, they started with C and Java at the same time, because college professors told, made them. SQL is fun. Someone said QBasic or Fortran. This is awesome, I love it. All right, MERN stack, okay, cool. So I gotta get prepared to answer this question before.
A
But my next question to you is: what did you learn today? And the reason I asked that is because I had Sam, Simon Willison on the show, and, like, that was one of the things he brought up, like, the things that he learns each day, like, he tries to learn one thing, even if it's not technical. So I decided to ask people that. Okay.
B
What did I learn today? Super unrelated. Okay, so yesterday, I'm gonna come to today, just give me a moment. So yesterday, I went for a run and my feet didn't fit great at all, so I realized that I need to change my running shoes, and I did some research last night about, like, latest trends in running shoes and technology and stuff like that, because there are, the past time I got running shoes.
B
It was like three years ago. So I have a brand that I love, I can't really mention in life, because it's kind of advertisement for free, okay, if I've brought thousand new advertisements. But let's say that I learned today that there's another brand with more improved technology, that cushioning is very important for my running style. So I went somewhere in run in London, I'm based in London, near Central London, that they simulated my running technique, and they told me if I'm, like, touching my feet a bit more forward and backwards.
B
A
That is so cool to learn. Okay, there's not much that happened today besides me doing Open Source Friday, so I don't know if this is a cop-out, but I still just learned that you can right-click on a file and do "Run Python File in Terminal". So someone said: is it just shoes when you can just do it? It.
B
Was one of their research brands I've done, but I don't want to disclose if I have the simulation there or not.
B
Or GIF, okay. So my logic is that, you know, a gift, like a present, is pronounced gift, and the word, for example, geek, g-e-e-k, is still geek. So based on that, let's say that GIF is gift without the T at the end. Different things. What do you think it is, or what do people think, a soft T, soft G or hard G?
A
So far, when I've had people come on the show, most people say GIF, but I say JIF. I don't know why, I just say JIF, because that's what I thought it was, and I'll continue to keep saying that. All right, and then my last question to you, and it's okay if you don't have the answer to this. Oh, Javier said, as if English pronunciation, true.
B
Exactly, yeah. I like melody, and find out, I believe that this song is about, like, having, like, high guards because of past experiences, while in the future there are someone that you can draw, they got. So it's maybe a lesson learned for everybody. Again, level one is a crackle game. If you feel like guard is very high, like Beyonce says, hey, look, hello, I, remember that you can drop it in level two, level three, etc. And yes, I, don't let me sing, as you see in the comments, but.
B
I think the last time in the show it was, like, "Who run the world? Girls." Oh yeah, yeah, exactly.
A
I love it. So, dang, I have a lot of favorite Beyonce songs. Right now, I like "Cuff It" from her new album, Renaissance, but I.
B
Before this goes live on YouTube and stay there forever.
A
Thank you so much, Joseph, for coming on, chatting about the Secure Code Game. Thank you so much for even just creating it, because I think this was really, like, a good thing that developers needed. Clearly it was, because a lot of people tuned in, a lot of people wanted to learn about security. I also want to thank, like, a lot of the people in the comments. Just thank you for watching. Thank you for being very engaging.
B
Thanks so much for having me in the show, and thanks again to the, like, the response, the engagement today. The flow of the comments was so fast, I couldn't really, like, get up with it in the beginning of the show. Your response is making me emotional. This is one of my favorite, like, times in the show, and things are getting released for the invitation, and thank everybody. Wherever you are in the world today, we are united by gamified security. Yes.