Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Continuous Security - Paris.rb

Adam Surak
October 04, 2016
Technology
2
120

Continuous Security - Paris.rb

Talk about how we use public bug bounty program to continuously test our security and our experience with HackerOne for more than a year.

Adam Surak

October 04, 2016
Tweet

More Decks by Adam Surak

See All by Adam Surak
Own your reliability - Velocity Amsterdam 2016
adamsurak
2
560
Own your reliability - Amsterdam
adamsurak
1
100
Own your reliability - Tech Summit 2016
adamsurak
1
150

Other Decks in Technology

See All in Technology
[OpsJAWS Meetup33 AIOps] Amazon Bedrockガードレールで守る安全なAI運用
akiratameto
1
130
Cracking the Coding Interview 6th Edition
gdplabs
14
28k
Amazon Q Developerの無料利用枠を使い倒してHello worldを表示させよう!
nrinetcom
PRO
2
120
"TEAM"を導入したら最高のエンジニア"Team"を実現できた / Deploying "TEAM" and Building the Best Engineering "Team"
yuj1osm
1
230
JavaにおけるNull非許容性
skrb
2
2.7k
Platform Engineeringで クラウドの「楽しくない」を解消しよう
jacopen
4
180
ABWG2024採択者が語るエンジニアとしての自分自身の見つけ方〜発信して、つながって、世界を広げていく〜
maimyyym
1
200
Apache Iceberg Case Study in LY Corporation
lycorptech_jp
PRO
0
360
株式会社Awarefy(アウェアファイ)会社説明資料 / Awarefy-Company-Deck
awarefy
3
11k
いまからでも遅くない!コンテナでWebアプリを動かしてみよう!コンテナハンズオン編
nomu
0
170
E2Eテスト自動化入門
devops_vtj
1
110
Qiita Organizationを導入したら、アウトプッターが爆増して会社がちょっと有名になった件
minorun365
PRO
1
300

Featured

See All Featured
Faster Mobile Websites
deanohume
306
31k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.4k
For a Future-Friendly Web
brad_frost
176
9.6k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Become a Pro
speakerdeck
PRO
26
5.2k
Being A Developer After 40
akosma
89
590k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.2k

Transcript

  1. Build Unique Search Experiences Adam Surak SRE & Security Engineer

    adam.surak@algolia.com @AdamSurak Continuous Security

  2. @AdamSurak Core Core Core Core Security

  3. @AdamSurak Core Core Core Core Core Core

  4. @AdamSurak Penetration testing Quality varies Very detailed and understandable outcomes

    Higher price* One shot -> outdated in few hours

  5. @AdamSurak Responsive disclosure security@algolia.com “Give me money!” “Give me money

    or I will not tell you what I’ve found!” How do you send money to India, Pakistan, … ?

  6. @AdamSurak Public Bug Bounty Program HackerOne, Bugcrowd, … All the

    reports in one place Protects both reporter and site owner Clean accounting Possible swag-only

  7. @AdamSurak 1 year with HackerOne

  8. @AdamSurak 1 year with HackerOne 12.2% 42.2% 23.2% 22.4%

  9. @AdamSurak All-time vs last 6 months 12.2% 42.2% 23.2% 22.4%

    18.2% 22.9% 13.5% 45.3%

  10. @AdamSurak 1 year with HackerOne

  11. @AdamSurak All-time vs last 6 months All-time Last 6 months

    Response time 2 days 1 day Resolution time 21 days 11 days Bounties $10,125 $4,000

  12. @AdamSurak Learnings PenTesters think differently Beginning is hard Have patience

    with communication You can’t do it best effort There will be noise No matter what, they will use automatic scanners

  13. W e are hiring in Paris and SF QUESTIONS? Build

    Unique Search Experiences adam@algolia.com @AdamSurak