Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security First

Avatar for Adam Baldwin Adam Baldwin
September 15, 2013
Technology
0
75

Security First

JSConfEU 2013

Avatar for Adam Baldwin

Adam Baldwin

September 15, 2013
Tweet

Other Decks in Technology

See All in Technology
~Everything as Codeを諦めない~ 後からCDK
Avatar for mu7889yoon / Yuta Nakamura mu7889yoon
3
270
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
Avatar for Kuniaki Moriya zepprix
0
400
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
Avatar for ないとー bwkw
3
860
使いにくいの壁を突破する
Avatar for SansanTech sansantech
PRO
1
120
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.3k
入社1ヶ月でデータパイプライン講座を作った話
Avatar for Yuta Ozaki waiwai2111
1
240
usermode linux without MMU - fosdem2026 kernel devroom
Avatar for Hajime Tazaki thehajime
0
210
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
3k
セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup
Avatar for Rocket Martue rocketmartue
1
290
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
15
400k
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
Avatar for AEON aeonpeople
1
180
オープンウェイトのLLMリランカーを契約書で評価する / searchtechjp
Avatar for Sansan R&D sansan_randd
3
650

Featured

See All Featured
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.2k
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.1k
Mind Mapping
Avatar for Hélio Medeiros helmedeiros
PRO
0
77
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
880
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.8k
The Mindset for Success: Future Career Progression
Avatar for Greg Gifford greggifford
PRO
0
230
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
432
66k
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
Avatar for Tech SEO Connect techseoconnect
PRO
0
100
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
210
A Guide to Academic Writing Using Generative AI - A Workshop
Avatar for Kenji Saito ks91
PRO
0
190
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.1k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k

Transcript

  1. Security First

  2. None
  3. None

  4. Thanks First

  5. Hi, I’m Adam

  6. Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity

  7. Hi, I’m Adam @evilpacket

  8. None

  9. andbang.com

  10. andbang.com

  11. None
  12. None

  13. Node Security Project nodesecurity.io

  14. Security First

  15. We’re Fucked

  16. Nothing is 100% Secure.

  17. None
  18. None

  19. Defender Attacker

  20. Defender Attacker

  21. None

  22. Attacker Defender

  23. Software is Hard

  24. Software is full of opinions

  25. None

  26. Mobile First

  27. Mobile First Content First

  28. Mobile First Content First Offline First

  29. Mobile First Content First Offline First SECURITY

  30. Software is full of constraints

  31. Security is one of those

  32. Who’s responsible for security?

  33. Who’s responsible for security? You are.

  34. Why?

  35. None

  36. NSA Spent $25 million on ‘software vulnerabilities’ in 2013

  37. Stay off the menu.

  38. Litigation is coming.

  39. Litigation is coming.

  40. Enough Doom & Gloom already!

  41. Enough Doom & Gloom already!

  42. Something has to change

  43. Let’s build a Security First culture

  44. None

  45. Why do we avoid security?

  46. - Ignorance - Procrastination - Not Exciting work - Not

    Rewarded

  47. Education Understand Vulnerabilities

  48. The simple stuff still works.

  49. None

  50. Validation / Sanitization Crypto http://www.matasano.com/articles/crypto-challenges/ http://owasp.org

  51. npm install all the things™

  52. npm install coffeescript

  53. so..ahhh. what else?

  54. Process It’s not immutable

  55. Community Bridge all the worlds http://blog.andyet.com/2013/09/11/shame-and-security

  56. security.md

  57. Homework. - Learn about 1 vuln - Audit some code

    - Teach a Friend

  58. confwork? Talk to each other about security...

  59. </PRESENTATION> @adam_baldwin | @LiftSecurity