Velocity Conference Santa Clara 2014 Ignite

Security - go do this.

Video at https://www.youtube.com/watch?v=8GMIm_Pcxuw

I have a version with notes, which may or may not be more useful. Email/message me if you want them!

Bea Hughes

June 24, 2014

Transcript

  1. Security: I Have 5 minutes, You Have a Lifetime. Ben Hughes, Etsy, obviously, just look at this slide.
  2. These are real graphs of *something*

  3. Mean Time to PasteBin™

  4. photo by https://secure.flickr.com/photos/asjaboros/

  5. https://secure.flickr.com/photos/izik/ SSL* *(TLS really)

  6. https://secure.flickr.com/photos/refractedmoments/

  7. https://secure.flickr.com/photos/gaby1

  8. https://isTLSfastyet.com/ Ummm, yeah, fast enough. Big shout out to the design of this slide.
  9. None
  10. Password hashing: Just use bcrypt.

  11. BUT WHAT ABOUT scrypt/ PBKDF2/SpecialThing?

  12. Cross Site Request Forgery

  13. And you were worried HTTPS would slow things down…

  14. Multi factor authentication. Awesome taken apart SecurID token by https://www.flickr.com/photos/travisgoodspeed

  15. None
  16. Responsible disclosure is pretty cool!

  17. The winner takes it all!

  18. Bounty Hunters: You may want to consider their kind of scum.
  19. None
  20. https://github.com/etsy http://codeascraft.com/ @benjammingh ben@etsy.com