Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Velocity Conference Santa Clara 2014 Ignite

Bea Hughes
June 24, 2014
Technology
2
1.1k

Velocity Conference Santa Clara 2014 Ignite

Security - go do this.

Video at https://www.youtube.com/watch?v=8GMIm_Pcxuw

I have a version with notes, which may or may not be more useful. Email/message me if you want them!

Bea Hughes

June 24, 2014
Tweet

More Decks by Bea Hughes

See All by Bea Hughes
"Is security even important?" and other clickbait titles
barnbarn
1
310
Osquery, He Knows Me
barnbarn
0
480
Layer 2 person spoofing and impostor syndrome
barnbarn
2
720
MacOS security, hardening and forensics 101 workshop
barnbarn
2
1.4k
How you a actually get hacked!
barnbarn
7
4.9k
Why won’t my DevOps team talk to my Security team?
barnbarn
3
330
Impostor Syndrome in tech
barnbarn
4
520
SecDevOps: Creating cultural change to bridge between security and DevOps?
barnbarn
3
540
Security for non-Unicorns!
barnbarn
5
1.5k

Other Decks in Technology

See All in Technology
Kafka Consumers at Naver
dongjin
0
180
ChatGPTをプロダクトに入れる開発が"毎日がAfter GPT"だった件/ChatGPT LT Link and Motivation
lmi
1
1.1k
S3からBigQueryへ閉域ネットワーク経由でデータ転送する方法
sbtechnight
PRO
0
370
位置情報ビッグデータの可視化技術の紹介と実社会での活用
sbtechnight
PRO
1
370
リアルとデジタルをつなぐ、Web3社会実装への取り組み
sbtechnight
PRO
0
380
「新卒エンジニアが1年間で顔を売るために取った行動100連発」/YAPC::Kyoto 2023 前日祭 ネコトーストラボ杯争奪東西対抗LTマッチ
arthur1
0
520
NIST SP800-63-4 IPD 63A: Identity Proofing 概要紹介
kthrtty
0
390
竹芝地区のデジタルツイン開発と3D人流シミュレーション開発
sbtechnight
PRO
0
350
CDK使用歴1年の僕が現場でCDK導入するときに得たTips
miura55
0
190
エラーログをAlertで引っ掛けるときにEventTimer使ってみた話
sparty
0
150
Finally_I_can_kichijojipm32
kaznishi
0
150
Wrangler って何だ?-ちょっとよく分からないのでCloudflareのCLIツールを深掘りしてみる-
kentosuzuki
0
200

Featured

See All Featured
Unsuck your backbone
ammeep
659
56k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
13k
We Have a Design System, Now What?
morganepeng
37
6k
Reflections from 52 weeks, 52 projects
jeffersonlam
339
18k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.7k
Large-scale JavaScript Application Architecture
addyosmani
499
110k
Building a Scalable Design System with Sketch
lauravandoore
451
31k
Ruby is Unlike a Banana
tanoku
93
9.6k
10 Git Anti Patterns You Should be Aware of
lemiorhan
643
55k
What’s in a name? Adding method to the madness
productmarketing
PRO
13
2k
5 minutes of I Can Smell Your CMS
philhawksworth
198
18k

Transcript

  1. Security: I Have 5 minutes,
    You Have a Lifetime
    Ben Hughes, Etsy, obviously,
    just look at this slide.

    View Slide

  2. These are real graphs of *something*

    View Slide

  3. Mean Time to PasteBin™

    View Slide

  4. `
    photo by https://secure.flickr.com/photos/asjaboros/

    View Slide

  5. https://secure.flickr.com/photos/izik/
    SSL*
    *(TLS really)

    View Slide

  6. https://secure.flickr.com/photos/refractedmoments/

    View Slide

  7. https://secure.flickr.com/photos/gaby1

    View Slide

  8. https://isTLSfastyet.com/
    Ummm, yeah, fast enough.
    big shout out to the design of this slide.

    View Slide

  9. View Slide

  10. Password hashing: Just use bcrypt.

    View Slide

  11. BUT WHAT ABOUT scrypt/
    PBKDF2/SpecialThing?

    View Slide

  12. Cross Site Request Forgery

    View Slide

  13. And you were worried HTTPS would slow things down…

    View Slide

  14. Multi factor
    authentication
    Awesome taken apart SecureID token by https://www.flickr.com/photos/travisgoodspeed

    View Slide

  15. View Slide

  16. Responsible
    disclosure is
    pretty cool!

    View Slide

  17. The winner takes it all!

    View Slide

  18. Bounty Hunters
    You may want to consider
    their kind of scum.

    View Slide

  19. View Slide

  20. https://github.com/etsy
    http://codeascraft.com/
    @benjammingh
    [email protected]

    View Slide