Security First
Adam Baldwin
September 15, 2013
JSConfEU 2013
Transcript
Security First
Thanks First
Hi, I’m Adam
Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
Hi, I’m Adam @evilpacket
andbang.com
Node Security Project nodesecurity.io
Security First
We’re Fucked
Nothing is 100% Secure.
Defender Attacker
Attacker Defender
Software is Hard
Software is full of opinions
Mobile First
Mobile First Content First
Mobile First Content First Offline First
Mobile First Content First Offline First SECURITY
Software is full of constraints
Security is one of those
Who’s responsible for security?
Who’s responsible for security? You are.
Why?
NSA Spent $25 million on ‘software vulnerabilities’ in 2013
Stay off the menu.
Litigation is coming.
Enough Doom & Gloom already!
Something has to change
Let’s build a Security First culture
Why do we avoid security?
- Ignorance
- Procrastination
- Not Exciting work
- Not Rewarded
Education Understand Vulnerabilities
The simple stuff still works.
Validation / Sanitization Crypto http://www.matasano.com/articles/crypto-challenges/ http://owasp.org
npm install all the things™
npm install coffeescript
so..ahhh. what else?
Process It’s not immutable
Community Bridge all the worlds http://blog.andyet.com/2013/09/11/shame-and-security
security.md
Homework.
- Learn about 1 vuln
- Audit some code
- Teach a Friend
confwork? Talk to each other about security...
</PRESENTATION> @adam_baldwin | @LiftSecurity