The security issue that killed a financial product launch - Nicola Sedgwick
Cucumber
April 04, 2019
Transcript
the security issue that killed a financial product launch (that was missed by the professional penetration testers and security ‘experts’)
#Cukenfest | nicolasedgwick
me. (ex)Tester, Agile Coach, Rocket Scientist, Mead Maker, CultureCon Co-Creator
bounty. Image credit https://internetbugbounty.org/ crowd.
crowd. Photo credit Rob Curran on Unsplash
reputation. crowd.
competition. Photo credit Patryk Sobczak on Unsplash crowd.
reward. Photo credit Christian Dubovan on Unsplash crowd.
story. Photo credit Sharon McCutcheon on Unsplash
vulnerable. Photo credit Mihály Köles on Unsplash story.
ethics. story. Photo credit Cristian Newman on Unsplash
challenge. Photo credit Luke van Zyl on Unsplash
shopping. challenge. Photo credit rawpixel on Unsplash
practicalities. Photo credit Fancycrave on Unsplash challenge.
situation. Photo credit Matt Botsford on Unsplash
owasp. https://www.owasp.org situation.
professionals. Photo credit Hello I'm Nik on Unsplash crowd.
tools. situation.
understanding. Photo credit John Carlisle on Unsplash situation.
photo.
analysis. Photo credit Luke van Zyl on Unsplash
protected. Photo credit Robert Hickerson on Unsp analysis.
impenetrable. Photo credit Ben Hershey on Unsplash analysis.
landscape. Photo credit Luo Lei on Unsplash analysis.
sense. Photo credit Vladislav Klapin on Unspla analysis.
hacking. Photo credit Markus Spiske on Unsplash
vulnerability. Photo credit Hans-Peter Gauster on Unsplash hacking.
system. Photo credit rawpixel on Unsplash hacking.
transmission. Photo credit Jack Price-Burns on Unsplash hacking.
breach. Photo credit Ben Hershey on Unsplash hacking.
disbelief. Photo credit Jonathan Hoxmark on Unsplash
denied. Photo credit B J on Unsplash disbelief.
perhaps. Photo credit Mike Wilson on Unsplash disbelief.
repetition. Photo credit Tine Ivanič on Unsplash
footsteps. Photo credit eberhard grossgasteiger o repetition.
advice. Photo credit Melinda Gimpel on Unsplash repetition.
realisation. Photo credit Jez Timms on Unsplash repetition.
Photo credit Stephanie Watters Flores on Unsplash outcome.
bounty. Photo credit Brian Mann on Unsplash outcome.
takeaways.
• You already have the skill you need to find security issues … your brain!
• Critical thinking skills are perfect for locating security problems.
• Engage security assessment as part of architecture planning and throughout development.
summary.
• experts CAN be wrong
• penetration tests are NOT security
• think security at ALL points
• this is NOT an isolated situation