The security issue that killed a financial product launch - Nicola Sedgwick

Transcript

1. None

2. the security issue that killed a financial product launch
 (that

   was missed by the professional penetration testers and security ‘experts’)

3. #Cukenfest | nicolasedgwick me. (ex)Tester Agile Coach Rocket Scientist Mead

   Maker CultureCon Co-Creator

4. bounty. Image credit https://internetbugbounty.org/ crowd. #Cukenfest | nicolasedgwick

5. crowd. Photo credit Rob Curran on Unsplash #Cukenfest | nicolasedgwick

6. reputation. crowd. #Cukenfest | nicolasedgwick

7. competition. Photo credit Patryk Sobczak on Unsplash crowd. #Cukenfest |

   nicolasedgwick

8. reward. Photo credit Christian Dubovan on Unsplash crowd. #Cukenfest |

   nicolasedgwick

9. story. Photo credit Sharon McCutcheon on Unsplash #Cukenfest | nicolasedgwick

10. vulnerable. Photo credit Mihály Köles on Unsplash story. #Cukenfest |

    nicolasedgwick

11. ethics. story. Photo credit Cristian Newman on Unsplash #Cukenfest |

    nicolasedgwick

12. challenge. Photo credit Luke van Zyl on Unsplash #Cukenfest |

    nicolasedgwick

13. shopping. challenge. Photo credit rawpixel on Unsplash #Cukenfest | nicolasedgwick

14. practicalities. Photo credit Fancycrave on Unsplash challenge. #Cukenfest | nicolasedgwick

15. situation. Photo credit Matt Botsford on Unsplash #Cukenfest | nicolasedgwick

16. owasp. https://www.owasp.org situation. #Cukenfest | nicolasedgwick

17. professionals. Photo credit Hello I'm Nik on Unsplash crowd. #Cukenfest

    | nicolasedgwick

18. tools. situation. #Cukenfest | nicolasedgwick

19. understanding. Photo credit John Carlisle on Unsplash situation. #Cukenfest |

    nicolasedgwick

20. photo. #Cukenfest | nicolasedgwick analysis. Photo credit Luke van Zyl

    on Unsplash #Cukenfest | nicolasedgwick

21. protected. Photo credit Robert Hickerson on Unsp analysis. #Cukenfest |

    nicolasedgwick

22. impenetrable. Photo credit Ben Hershey on Unsplash analysis. #Cukenfest |

    nicolasedgwick

23. landscape. Photo credit Luo Lei on Unsplash analysis. #Cukenfest |

    nicolasedgwick

24. sense. Photo credit Vladislav Klapin on Unspla analysis. #Cukenfest |

    nicolasedgwick

25. hacking. Photo credit Markus Spiske on Unsplash #Cukenfest | nicolasedgwick

26. vulnerability. Photo credit Hans-Peter Gauster on Unsplash hacking. #Cukenfest |

    nicolasedgwick

27. system. Photo credit rawpixel on Unsplash hacking. #Cukenfest | nicolasedgwick

28. transmission. Photo credit Jack Price-Burns on Unsplash hacking. #Cukenfest |

    nicolasedgwick

29. breach. Photo credit Ben Hershey on Unsplash hacking. #Cukenfest |

    nicolasedgwick

30. disbelief. Photo credit Jonathan Hoxmark on Unsplash #Cukenfest | nicolasedgwick

31. denied. Photo credit B J on Unsplash disbelief. #Cukenfest |

    nicolasedgwick

32. perhaps. Photo credit Mike Wilson on Unsplash disbelief. #Cukenfest |

    nicolasedgwick

33. repetition. Photo credit Tine Ivanič on Unsplash #Cukenfest | nicolasedgwick

34. footsteps. Photo credit eberhard grossgasteiger o repetition. #Cukenfest | nicolasedgwick

35. advice. Photo credit Melinda Gimpel on Unsplash repetition. #Cukenfest |

    nicolasedgwick

36. realisation. Photo credit Jez Timms on Unsplash repetition. #Cukenfest |

    nicolasedgwick

37. Photo credit Stephanie Watters Flores on Unsplash outcome. #Cukenfest |

    nicolasedgwick

38. bounty. Photo credit Brian Mann on Unsplash outcome. #Cukenfest |

    nicolasedgwick

39. #Cukenfest | nicolasedgwick takeaways. • You already have the skill

    you need to find security issues
 … your brain! • Critical thinking skills are perfect for locating security problems. • Engage security assessment as part of architecture planning and throughout development.

40. #Cukenfest | nicolasedgwick summary. experts CAN be wrong penetration tests

    are NOT security think security at ALL points this is NOT an isolated situation
41. None