Velocity Conference Santa Clara 2014 Ignite

Security - go do this.

Video at https://www.youtube.com/watch?v=8GMIm_Pcxuw

I have a version with notes, which may or may not be more useful. Email/message me if you want them!


Bea Hughes

June 24, 2014


  1. Security: I Have 5 minutes, You Have a Lifetime

    Ben Hughes, Etsy, obviously, just look at this slide.
  2. These are real graphs of *something*

  3. Mean Time to PasteBin™

  4. photo by https://secure.flickr.com/photos/asjaboros/

  5. https://secure.flickr.com/photos/izik/ SSL* *(TLS really)

  6. https://secure.flickr.com/photos/refractedmoments/

  7. https://secure.flickr.com/photos/gaby1

  8. https://isTLSfastyet.com/ Ummm, yeah, fast enough. Big shout out to the design of this slide.
  9. None
  10. Password hashing: Just use bcrypt.

  11. BUT WHAT ABOUT scrypt/PBKDF2/SpecialThing?

  12. Cross Site Request Forgery

  13. And you were worried HTTPS would slow things down…

  14. Multi factor authentication. Awesome taken-apart SecurID token by https://www.flickr.com/photos/travisgoodspeed

  15. None
  16. Responsible disclosure is pretty cool!

  17. The winner takes it all!

  18. Bounty Hunters You may want to consider their kind of

  19. None
  20. https://github.com/etsy http://codeascraft.com/ @benjammingh ben@etsy.com