Security First
Adam Baldwin
September 15, 2013
JSConfEU 2013
Transcript
Security First
Thanks First
Hi, I’m Adam
Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
Hi, I’m Adam @evilpacket
andbang.com
Node Security Project nodesecurity.io
Security First
We’re Fucked
Nothing is 100% Secure.
Defender Attacker
Attacker Defender
Software is Hard
Software is full of opinions
Mobile First
Mobile First Content First
Mobile First Content First Offline First
Mobile First Content First Offline First SECURITY
Software is full of constraints
Security is one of those
Who’s responsible for security?
Who’s responsible for security? You are.
Why?
NSA Spent $25 million on ‘software vulnerabilities’ in 2013
Stay off the menu.
Litigation is coming.
Enough Doom & Gloom already!
Something has to change
Let’s build a Security First culture
Why do we avoid security?
- Ignorance
- Procrastination
- Not Exciting work
- Not Rewarded
Education Understand Vulnerabilities
The simple stuff still works.
Validation / Sanitization Crypto http://www.matasano.com/articles/crypto-challenges/ http://owasp.org
npm install all the things™
npm install coffeescript
so..ahhh. what else?
Process It’s not immutable
Community Bridge all the worlds http://blog.andyet.com/2013/09/11/shame-and-security
security.md
Homework.
- Learn about 1 vuln
- Audit some code
- Teach a Friend
confwork? Talk to each other about security...
</PRESENTATION> @adam_baldwin | @LiftSecurity