Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security First

Adam Baldwin
September 15, 2013
Technology
0
71

Security First

JSConfEU 2013

Adam Baldwin

September 15, 2013
Tweet

Other Decks in Technology

See All in Technology
Google Cloud Next '24 Recap(Cloud Run/k8s)
mokocm
0
340
Amplify 🩷 Bedrock 〜生成AI入門〜
minorun365
PRO
8
970
Azureの基本的な権限管理の勉強会
yhana
1
2.1k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
5
37k
生産性向上チームの紹介
cybozuinsideout
PRO
1
940
Gemini, Google's Large Language Model
glaforge
0
110
R3のコードから見る実践LINQ実装最適化・コンカレントプログラミング実例
neuecc
3
2.9k
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
260
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
1
370
JAWS-UG Bedrock Claude Night
yamahiro
3
740
Max out Local LLM in Challenging Environments
sashimimochi
1
140
MapLibreとAmazon Location Service
dayjournal
1
190

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
290
19k
Done Done
chrislema
178
15k
Statistics for Hackers
jakevdp
790
220k
Clear Off the Table
cherdarchuk
85
310k
Designing for humans not robots
tammielis
247
25k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Rebuilding a faster, lazier Slack
samanthasiow
74
8.2k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
Git: the NoSQL Database
bkeepers
PRO
423
63k
Why Our Code Smells
bkeepers
PRO
331
56k

Transcript

  1. Security First

  2. None
  3. None

  4. Thanks First

  5. Hi, I’m Adam

  6. Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity

  7. Hi, I’m Adam @evilpacket

  8. None

  9. andbang.com

  10. andbang.com

  11. None
  12. None

  13. Node Security Project nodesecurity.io

  14. Security First

  15. We’re Fucked

  16. Nothing is 100% Secure.

  17. None
  18. None

  19. Defender Attacker

  20. Defender Attacker

  21. None

  22. Attacker Defender

  23. Software is Hard

  24. Software is full of opinions

  25. None

  26. Mobile First

  27. Mobile First Content First

  28. Mobile First Content First Offline First

  29. Mobile First Content First Offline First SECURITY

  30. Software is full of constraints

  31. Security is one of those

  32. Who’s responsible for security?

  33. Who’s responsible for security? You are.

  34. Why?

  35. None

  36. NSA Spent $25 million on ‘software vulnerabilities’ in 2013

  37. Stay off the menu.

  38. Litigation is coming.

  39. Litigation is coming.

  40. Enough Doom & Gloom already!

  41. Enough Doom & Gloom already!

  42. Something has to change

  43. Let’s build a Security First culture

  44. None

  45. Why do we avoid security?

  46. - Ignorance - Procrastination - Not Exciting work - Not

    Rewarded

  47. Education Understand Vulnerabilities

  48. The simple stuff still works.

  49. None

  50. Validation / Sanitization Crypto http://www.matasano.com/articles/crypto-challenges/ http://owasp.org

  51. npm install all the things™

  52. npm install coffeescript

  53. so..ahhh. what else?

  54. Process It’s not immutable

  55. Community Bridge all the worlds http://blog.andyet.com/2013/09/11/shame-and-security

  56. security.md

  57. Homework. - Learn about 1 vuln - Audit some code

    - Teach a Friend

  58. confwork? Talk to each other about security...

  59. </PRESENTATION> @adam_baldwin | @LiftSecurity