Hacking Portugal Dinis CruzLisbon, 29 Nov 2016

Making Portugal a global player in software development

I’m Portuguese , living in London for 20 years

Application Security consultant and mentor (SMEs, FTSE 100)

Very technical with developers very pragmatic with management

very strategic with boards

Extended version• Book:

https://leanpub.com/hacking-portugal

• BSidesLisbon Keynote (103 slides)https://github.com/DinisCruz/keynote-bsideslisbon/issues

• GitHub repohttps://github.com/DinisCruz/keynote-bsideslisbon

• All content released under Creative Commons (CC BY 4.0)

• Even more ‘interesting’ ideas :)

Hacking Portugal• As technology and software becomes more and more

important to Portuguese society it is time to take it seriously and really become a player in that world.

• Application Security can act as an enabler, due to its focus on how code/apps actually work, and its enormous drive on secure-coding, testing, dev-ops and quality.

• This presentation will provide a number of paths for making Portugal a place where programming, TDD, Open Source, learning how to code, hacking and DevOps are first class citizens.

5

Key concepts

6

• Portugal has sovereignty over it’s cyber network • Portugal network and applications are NOT secure

• it’s safe due to lack of attackers • the problem are criminals and their evolving business models

• Hacking is good and everybody should hack • Portugal can become a leader in cyber and Application

Security • Portugal should strategically embrace Open Source and

Creative Commons • Government is key player in innovation and infrastructure • Use Risk Workflows and Data to expose reality (and insure it)

Key suggested ideas

7

• Make Portugal's internet a hostile place to create, publish, and host insecure applications and IoT appliances

• Create Ministry of Software • Portuguese Hacking Service (instead of ‘Servico Militar Obrigatorio’) • Portuguese Hackathon League • Bug bounties for everything inside Portuguese cyber network • Clear Software Act • Software Testing Institute • ASAE for Code

• Create ‘Code Made in Portugal’ brand • All code created and bought by Government is Open Source • Open Source Portuguese code

Portuguese Network to be hostile to insecure code

Allergic to insecure code• Make Portugal’s internet a hostile place to create,

publish, and host insecure applications and IoT appliances

• Portugal has sovereignty over it’s network, it can pass laws to protect it

• Supported by an collaborative commons • Strong enforcement, regulation and market pressure

9

Attack vulnerable code• I want vulnerable apps and appliances that are plugged

into the PT national network to be hacked within seconds • Hacked by good guys who are trying to help, by fixing or by

disabling • Mandate from government to authorise hacking to vulnerable

devices (computers, routes, IoT) and fix them • This mandate is ‘given’ to us by the manufacturers, once

they push apps/code with vulnerabilities

10

Next generation of internet users• We can’t allow them to:

• fear the internet • allow fear to govern their actions • lose trust on the Internet via repeated negative experiences,

for example: • identity/credentials stollen • maliciously hacked doll or light bulb • malicious ‘trusted’ website attacks their computer • lose control of email account or other online account • car or phone malfunction • ransomware attacks on files, doorknobs, fridges or even hospitals

11

Hackers

Hacking created the Internet • It is important to state that hackers are the good guys. • ‘Hack’ is to solve problems, to find innovative solutions in

a creative way. • The press abuses the term ‘hacker’. • Instead, they should qualify the word by saying ‘Malicious

Hackers’ or ‘Cyber Attacks’ or ‘Cyber Criminals’. • The internet and just about most of the technology we

use today was dreamed and created by hackers

13

Hacker’s values• The Software, InfoSec and Hacking community has a

strong ethical foundation, based on the following qualities: • sharing • respect • friendship • trust • non-discrimination • humanity and companionship

14

Inspire next generation• We want to inspire the next generation with these values.

• it is very important to have frames of reference for things that work

• we need to provide an alternative narrative to the current mainstream narrative of ‘lies’, ‘non-experts-welcome’ and ‘infotainment’.

15

Securing our future• The ‘hackers’ that grow-up creating distributed bots to attack

insecure apps/code/appliance in the PT network (as part of the Portuguese Hacking Service) …

• … are the same ones who will create a ’distributed peer-to-peer drone network, to combat fires in Portugal’

• … or the ones that will create technology to sell Portuguese products around the world

• … or the ones that will make Portugal a leader in alternative energies

• … or the ones that will develop innovative financial services or even currencies

• … etc… 16

Privacy and Liberty

Defend privacy• Privacy and Anonymity are human rights • All should be innocent until proven guilty. • The US and the NSA redefined the notion of surveillance to

be ‘looking at data’, rather than ‘capturing data’. • Large tech companies’ business models are often based

on their users having no, or reduced privacy • Governments are actively making the internet less secure in

order to continue to easily access user’s data • There is space for new global players that play by different

rules • namely rules that defend the individual and civil society

18

“Arguing that you don’t care about the right to privacy …

…because you have nothing to hide,

…is no different than saying that you don’t care about free speech,

… because you have nothing to say”(who said this?)

Cryptography• Cryptography underpins Privacy which is essential for human

dignity • Cryptography is a public service and capability. It is crucial to

protect user data • Cryptography also has an excellent tradition of not relying on

security by obscurity, and expecting the attacker to have all code and encrypted data (the only private data are the encryption keys)

• Strong cryptography should be seen as a good thing, specially if it enables the end-user to control their data.

• We need a healthy level of civil disobedience in society, or new ideas will not get the space to flourish and gain wider acceptance by society.

20

The Need for Disclosure• We need disclosure of what is going on with technology in

companies. • Companies today, even Open Source ones, don’t have to offer

full disclosure. • The market doesn’t work, doesn't reward good, ethical players.

• To change this system, we need to use the power of disclosure to make Government and companies play fairly and correctly.

• The government could use its purchasing power to define the rules of engagement, • … if EU laws don’t allow it, then Portugal should sue the EU :) • … it’s time we pushed some of our rules and ideas onto the table.

21

Whistleblowers have an important role• Whistleblowers are important because they can make the

markets more efficient. • Whistleblowers are not needed when public actions, and

statements, match (the real) private actions. • Of course, there will still be secrets, but in smaller

numbers, and they will be very well protected (as they are today). • “When everything is a secret, nothing is a secret”.

22

Important concept:

Integrity and availability are much harder and dangerous than

confidentiality

Compare that with all the current focus on data privacy or credit

cards leaks

Attacking Portugal

Cyber crime is the problem• The real danger is from criminals who use the internet and

vulnerable code for financial gain • They run highly professional and well staffed operations • They have great customer service • They have amazing technical skills (cryptography, peer-to-

peer networks, PaaS, marketplaces) • Sophisticated business models (getting better all the time) • Already making millions and billions of euros in revenue • We need to make Portuguese network hostile to criminal

activity • Police and Hackers (i.e. civil society) have a big role to play

25

Attackers ROI (return on investment)• What can they do with $100K investment

• buy zero-days • buy compromised machines inside .pt networks • buy botnets to be used to attack .pt companies

• How much money is it worth?

• What is the ROI for the attacker?

• Who would survive?

26

Cost of to buy an zero day

Thank your attackers• “If the attacker tells you about the attack, they are your

friends” • The real attackers (namely criminals and nation states)

will not tell you since it is against their own interests. • Once you know about it, you will find a way to protect it

and fix the vulnerability exploited. • The positive side effects of any public attack (data

dumps, site defacing, DDoS) are bigger budgets, board-level attention and demands for security, an increase in AppSec staff hires, and more collaboration between ‘companies on the defence side of things’.

27

How Secure is Portugal?• How secure and safe are Portuguese companies and

infrastructures? • Portugal today is a very digital country, and most Portuguese

companies are software companies. • If you look at how they operate, all of them use software and

controlled by software • The question is, how secure are they?

• How well can they sustain an attack? • How well can they detect and react to a possible attack on their

digital infrastructure? • What is the probability of an attack happening in the short term? • How safe are they?

28

Is Portugal safe?• Yes! • Is it secure? • No! • Portugal’s Government, Companies and citizens current ‘secure state’

(i.e likelihood of attack is low), depends on: • A low number of attackers • A low level of skills of existing attackers • Unsophisticated business model of existing attackers

• Bottom line: • Portuguese companies and individuals … • … are not attacked because they are secure • … they are not attacked • … due to lack of ‘commercially focused’ attackers 29

The Emperor has no clothes• To be clear, Portuguese government agencies and companies are NOT

secure, and have many high-risk vulnerabilities and exploitable assets. • It is very important that we accept this fact so that we can find the

necessary political, economic, educational, and social solutions • There are no silver bullets or easy solutions, and anyone who says so is a

snake-oil merchant. • The ideas in this presentation are about making Portugal a player, rather

than being played, and giving Portugal a chance to defend itself, and improve Portuguese society.

• The worst aspect of our status is that we are not prepared for what is coming next, in terms of AppSec.

• Our response to terrorist incidents in the past shows how badly we respond as a society to security incidents for which we are not prepared.

30

Think I’m wrong?• If you don’t believe that Portugal is insecure, then prove me

wrong in your answers to the following questions: • Where is the evidence of Security and AppSec practices? • How big is the Cyber/App Security market in Portugal? • How many threat models are created per week? • How many lines of code are reviewed for security per week (aka

‘security eyeballs’)? (Bear in mind that secure code reviews are very different from normal code reviews).

• Security, like Quality, just “doesn’t happen” • It needs focused effort and strong feedback loops • The current Portuguese security model is based on

‘Security Fairies magic pixie dust’. 31

Don’t worry, you’re safe• Although these are contradictory concepts, my thesis is

that Portugal is both highly insecure, and, for the moment, quite safe.

• Portugal is safe is because there are not enough attackers targeting the current insecurities of the system.

• This will probably remain the case for the next couple of years.

• The problem is what happens after that, when the criminals improve their business models and start to focus on Portuguese assets.

32

Be proactive and profitable• The question is:Does Portugal want to be like the rest of Europe and get caught in the crossfire?

• Or does it want to be proactive, and create an industry which could become very powerful, very effective, and very profitable for Portugal, • that could also help to secure Europe and help the world?

• Note that as attackers get more sophisticated they will gravitate to countries/companies with weaker defences

• Massive worldwide Cyber/AppSec skills shortage today • Big opportunity for countries like Portugal

33

Public health analogy• Cyber Security is a public health problem • We should be training cyber/AppSec specialists using

similar techniques to the ones we use to train doctors, nurses, etc

• We have an epidemic at hand at the moment • We need to gain immunity

• The decisions that we make in the next couple of years will determine how well prepared we will be to deal with wider outbreaks, and how quickly we can learn

34

Red or blue pill?• We need to choose whether the paradigm for cyber

security is one based on: • the military (offensive, top-down) • or on public health (defensive, distributed)

• There is a reason why the army is not supposed to be involved in civil activities such as crowd control or disaster support • the military is designed to defend us from our enemies • police and other civil forces should focus on protecting the

individual • We need to focus on Defence not on Attack

35

Hack like football

We are global ‘players’ in Football• Portugal is one of the best teams in the world • Portugal is currently 8th in the Fifa world ranking, and we

deserve to be there! • Why is that? • Is this an exception or can it be repeated in other

industries?

37

Why is Portugal so good at football• Everybody can play football • Because our kids play it all the time • They love it when they play, so they are in the ‘zone’

• most optimal place to learn • Supported by school’s activities • Good social rewards and locally community support • Great support system (to find, select and nurture talent) • Good financial rewards for a large number of players (not

just the top)

38

Let’s do the same for hacking• Everybody can hack (from the kids, to the unemployed, to

the convicted criminals, to the retired) • Our kids should be hacking all the time • They will love it when they hack, so they are in the ‘zone’

• most optimal place to learn • Support those activities on school

• ‘Caputure the (school) flag’ should be an source of pride • Provide good social rewards (vs treating them as criminals) • Create support network to find, select and nurture talent • There will be good financial rewards for a large number of

hackers (there is a massive skills shortage in our industry)39

Portugal Hackathon League • Organize Hackathons in Portugal

• Just like we do for Football • Bring ‘PT Hacking’ teams to DefCon

• sponsored by PT Government and PT Companies • See these teams as source of pride • Best way to learn is to be asked to solve a problem from

all sorts of angles (and technologies) • Solve maths problems using code and graphs (not ‘only’

on paper)

40

Portuguese Hacking ServicePHS

PHS• In the past Portugal had a Military Service called ‘Servico

Militar Obrigatorio’. • We should update this service to the 21st Century, and make

it a Portuguese Hacking Service, for 15 to 21 year olds, with the following mission objectives: • hack everything that is plugged-in into PT’s network • hack companies with public bug-bounties • code-review Open Source code developed in PT • code-review code marked as ‘strategic interest for Portugal’ (i.e.

widely used by PT companies and mission critical for them) • contribute to Open Source projects with patches and fixes • help SMEs with their digital security and DevOps

42

Embrace criminals and elderly talent• Teach convicted criminals how to hack (in jail or after release)

• good use of their ‘skills’ • give them a career • show them a way to make money legally • teach them ethics and the value of collaborating • most criminals are there due to bad choices or unfortunate events (and

deserve a chance at a better life) • Encourage retired people to hack

• we lose a lot by not using their expertise (and by not learning from them) • In the past, the old ones, where the wise ones

• They are engineers, doctors, programmers, teachers, accountants, architects, parents, etc.

• People grow old, not because of age, but because they stop being mentally and physically active

43

Leader in Application Security

Past innovations • Portugal has a great history of

inventions:

• Carrack (Nau) - the Oceanic Carrack (a new and different model, and largest carrack)

• Galleon (the Oceanic Galleon)

• Square-rigged caravel (Round caravel). …

• The Nonius.

• The Mariner’s astrolabe.

• The Passarola, the first known airship.

• The Pyreliophorus.

• Tempura.

Drugs Decriminalisation

• great success story of what happens when bold decisions are made.

• Portugal went from a very high rate of consumption and overdose, to one of the lowest (in 14 years)

Portugal as a Leader in AppSec• Portugal could be a leader in AppSec. • Portugal has a rich history of providing leading innovators

and ground-breaking researchers in navigation, in maritime research, and exploration.

• In the same way that Portugal navigated and lead the seas, Portugal could now an lead in coding.

• Portuguese researchers are highly innovative. • Let’s follow our great history of leading important change

and discovery.

47

“Code Made in Portugal” brand• Code written in Portugal will make a massive difference • Key to create supply chains of quality and talent • Good software development teams (from developers to

management) are one of the most important assets of a company and country. • They are the ones who add value. • They create reality, and ultimately they control your lives.

• “Made in Portugal” is the key for PT economy (and Europe’s sustainability)

• key objective is to encourage and foment the Portuguese software industry (which will have massive multiplier in other industries)

• The age of sustainability is upon us, let’s put Portugal in the middle of it

48

What is Portugal the best at

• for PT it says “Portugal - rate -graduating high school” • we can do better than that • we should be world leaders in: software, craftsmanship,

cyber security, secure coding, devops, food 49

Government

Government’s role• The Government has a big role to play in this

transformation, not as a ‘Command and Control’ entity, but as a benign influence to level the playing field.

• A major problem at the moment is that many world governments view technology as a way to exert more control over their citizens.

51

Who controls the world• The world is dominated by entities and companies who:

• control finance • control technology • control networks (made of technology) • control intellectual property

• Unfortunately for Portugal, it’s strength does not lie in these areas

• Portugal must challenge the rules of the game • aligned with its strategy and sovereign interests

• Moving to Open Source values and activities, and embracing secure coding/hacking will change how this game is played.

52

Code is law• Software is made of Code • Code is Law (since it defines the ‘rules of the game’) • Code controls Portugal, • … which means that Software controls Portugal

• The problem is, Portugal controls very little of the software it uses

• It is time for Portugal to take control of the software. • This should be a strategic objective of both Portuguese

companies and the Portuguese government.

53

Iterate Exponentially• All ideas presented should NOT be implemented as a Big Policy or a Big

Vision! • Anyone who sells a big, expensive solution, that only major companies

can implement, is selling a scam. • Small changes, and marginal gains, are the right way to implement

DevOps and government policies: 1.Start small 2.Deploy 3.Learn from deployment 4.Make changes (enhance, fix or refactor) 5.Go to step 2, and repeat

• These are the solutions for SMEs, individuals, and small teams who work on the ground, understand reality, and are accountable to their local communities.

54

Ministry of Software• Everything is software, i.e. code

• including all DevOps scripts and even things like Firewall rules • Managed at high level within Government • PT CTO and CISO • Create Code For Portugal initiative using a collaborative commons

model (similar to the USA’s @codeforamerica) • Manage the PHS (Portuguese Hacking Service) • Commitment to only buy, commission and use applications/websites

that: • have released their code under Open Source licenses • have released all their info and schemas under non-restrictive Creative

Commons licenses • Manage Portuguese bug-bounties and hacking championships

55

Clear Software Act• Clear Software Act, like the ‘Clean Air Act’, but focused on code

quality and security, would go some way to changing the game and how it’s played.

• Large numbers of our community are resistant to any kind of regulation, and there are many companies that profit from this resistance.

• As Upton Sinclair said, “It is difficult to get a man to understand something, when his salary depends upon his not understanding it”.

• The problem however is not regulation and standards, but bad regulation and standards.

• Good regulation, in areas like health and environment, has made major improvements, and we need to do the same for software and code.

56

Software Testing Institute• We need to measure and visualize the side effects of code,

and we need to measure the ‘pollution’ created by insecure code and apps.

• We need a focus on Quality and Services, where we want to encourage innovation and make it easy and cheap to create (secure) code in Portugal.

• Portugal could adopt, and use testing as a way to leapfrog more advanced nations.

• A Software Testing Institute would allow us to measure and capture this information. The work of such an institute should focus on testing code and apps and creating labels for them.

• Embrace DevOps and Containers movement57

Portugal wide bug bounty• A Portuguese Software Testing Institute could also include bug-

bounties as a core activity. • Today, there are bug bounties everywhere, and they are a sign of good

InfoSec and AppSec • Portugal is already one of the top contributors to global bug bounty

programs • Is there any public bug-bounties for a Portuguese company? • Even the Pentagon has a bug-bounty program • These must be a core activity of both business and government

• Receiving appropriate investment and publicity. • Crowdsourcing the solution

• Lead the creation of standards and metrics for the Insurance companies/industry.

58

ASAE for codeAutoridade de Segurança Alimentar e EconómicaAuthority for Economic andFood Security

When regulation loses the plot• We need to learn from what worked and what didn’t

work with ASAE • There was a severe lack of common sense and everything

that is bad with ‘security regulation’ • An ASAE for code mustn’t kill innovation and become a

‘TAX’. • It needs to empower and reward good behaviour, and

have a common-sense approach to its operations. • As cyber security gets worse, if we don’t have good,

positive alternatives, an ASAE is exactly what we will get. This is not a good prospect.

60

Insurance• The insurance industry is key to making this work. It will

push for good metrics to measure secure coding and secure deployments (i.e. how code/apps/software are used in the real world).

• It will provide a way to compare companies and technologies, and this will make the market more efficient.

• Many companies will decide to insure insecure code, and teams that create insecure code/apps. • That is ok, as long as that information is disclosed. • The insurance companies will increase the premiums

depending on how secure an Company or App is

61

Code Nationalisation• Nationalising code is a nuclear option for cases where

companies refuse to share their code. • It is essential to move to a world where good regulation allows

every line of code that is running and touches our data to be: • public • peer-reviewable by independent parties • compilable by independent parties • signed

• This not only includes websites and ‘traditional software’, but also operating systems, device drivers, IoT devices, network devices, microchips, etc.: in short, anything that can access or manipulate data.

62

63

• I’m a strong European and I believe in Europe • But Europe needs to change and refocus on country sustainability • Portugal should not have to ‘beg’ the EU for funds to support these ideas. • EU, and other global organisations and companies, should choose to

invest in Portugal because they want to benefit from the perfect storm of talent, energy, regulation, focus and activities that will exist here.

• They should invest and participate here because it is in their best interests, and it is where they will get the best return on investment.

• This kind of collaboration and investment is what the EU should be all about: • a Collaborative Commons • a global village • shared care and respect for each other (and their contributions)

European Union

New currencies for southern Europe • A good solution for the Euro Problem (for weaker

economies like Portugal) is to create alternative currencies • We know how to do this now (with blockchain technology) • Multiple Fintech companies exploring all sorts of business

models and workflows • These currencies should be 100% compatible with Euro

(so that they work side-by-side) • Created by next generation of Portuguese Hackers

• Hacking a currency is quite a nice challenge

64

Open Source Portugal

Openness and transparency are key• For most of the ideas defended here to work, and not back-

fire even if they create strong command-and-control systems/environments, we need a very high degree of transparency and openness.

• This is exactly what the Open Source and Creative Commons worlds provide.

• OWASP is a good example of an organisation that has a very strong open model, from what is created, to its governance and fiscal transparency.

• Git is also a key part of this, since Git enables effective collaboration, allowing others to contribute, even if they are direct competitors in other products/services

66

Open Source is not communism• Proven business model with Billion dollar companies • Used by all major companies and governments in the world • Proven community model with large successful enterprise

software developed by thousands of developers • Open Source is not just code • Open Source (and Creative Commons) is an approach to

how to communicate, live and share • Embracing open source values makes markets more

efficient, fair and profitable (for a wider group) • Use Open Source as a way to change the rules of the game • Its a matter of when not if

67

FOSS values• FOSS (Free and Open Source) programs are a good model to

use, as they allow users to share and collaborate programs. • They empower users, and could potentially create thousands

of PT based FOSS companies. • The positive values of Open Sourcing are as follows:

• access to code • no lock in • no discrimination • liquid collaboration

• Of course, using Open Source code doesn’t mean that it will be perfect.

68

Open Source is expensive• We need companies to sell Open Source code

• The take-up of Open Source will help us to remove the ‘proprietary lock’ of closed software, which creates perverse incentives and does not allow the peripheral countries (or players) to have a strong role in the quality and security of that code.

• Open Source software is not Free • Any code has a cost and a side effect. Using Open source

code doesn’t mean that you don’t pay for it, it just means that you pay in other ways than a direct financial transaction.

69

OpenSource.pt• All code written (and paid) for Government agencies to be

released under an Open Source license • All Government created documents to be released under

Creative Commons • Portuguese companies to publish their code under Open

Source license, and technical documentation under Creative Commons

• Pay for Open Source software (in license and per usage) • The financial model for this needs careful consideration.

• The key is that the makers of Open Source code that is used, should have a revenue stream equivalent to that use, so that they can spend more time with that software, and even hire more devs to work on it

70

Open the source of Portuguese code• Government and private companies to create venture

capital funds to buy existing software companies and Open Source their code

• Those companies should use part of that money to transform their business model into one based on the Open Source stack • they wrote it, so have a massive competitive advantage • but local companies would also be able to provide those

services • ROI of investment on PT economy would be much bigger

then amount invested71

Why Portugal

Easier in small country• It is easy on a smaller country, with less agendas and big

lobby groups • we already have the power to make these changes • this is an issue of sovereignty and independence

73

Big questions and answers• We are currently faced with big questions and changes on

privacy, liberty, humanity, freedom, work … • … which are all centered on technology (and secure code), • … these questions need to be discussed, understood and

addressed: • there are no perfect solutions • we need to achieve a workable compromise and make sure we take

the best course of action • I don’t claim that all my ideas are good, that they will work or are even

all realistic, especially in the current political and economic ecosystem • but I know that big changes occur when we head in the right direction

and can experiment, adapt, refactor and improve

74

Raise the bar of the discussion• We live in an era where ideas are not debated, experts

are ignored, science is not respected, and lies are accepted • this is very dangerous for us … • … for our kids • … for Portugal • I want to discuss and act on ideas (not on events or people) • we need a better, more informed, more knowledgeable, more

empowered media, to keep the system accountable

75

Protect the internet• The internet is one of the biggest gifts given to humanity • The first generation made it open and free (in both cost

and freedom) • Internet’s success is a testament to those decisions and their

values • Now the time has come for our generation to continue on

their footsteps and keep it that way (for the next generation)

76

Portugal has…• Strong sense of ethics and community • Good engineering and math education • Good ability to ‘solve problems’ (and make it work) • Learned the hard way what it feels like to be the junior

player (financial markets’ speculation on PT’s economy helped to create the situation that lead to the EU bailouts) • we have hit rock-bottom with multiple financial crises and

several a European bailouts • only way is up

77

Our turn to fight for what we believe• Our parents fought against fascism, against racism, for

pensions, for human rights, for women rights, for rock & roll, etc… • it is our turn to realign society and shift the balance of power • this is about removing control from central organisations

(governments, big companies) and give them to individuals and collaborative commons

• currently the power is in the hands of who controls the networks • It’s time to change that

78

What is the future of Portugal• to be a garden for Europe, a holiday destination • to be a small pawn in the global forces that control the

worldor

• To work together with CPLP (Community of the Portuguese Speaking Countries) in an united partnership

• To be a powerhouse that inspires and leads the world in technology and secure coding

79

Sail the code• Lets use code to create a generation

with strong work ethic and values • Lets create a new reality for Portugal

• The same way that Portuguese navigators once looked at the unknown sea and conquered it

• Our new digital navigators must do the same with code.

80

Thanks

Any questions?• @diniscruz • dinis.cruz@owasp.org • http://blog.diniscruz.com/ • https://github.com/DinisCruz • https://leanpub.com/u/diniscruz

82