Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security First

Avatar for Adam Baldwin Adam Baldwin
September 15, 2013
Technology
0
75

Security First

JSConfEU 2013

Avatar for Adam Baldwin

Adam Baldwin

September 15, 2013
Tweet

Other Decks in Technology

See All in Technology
なぜ今、コスト最適化(倹約)が必要なのか? ~AWSでのコスト最適化の進め方「目的編」~
Avatar for Hayato Tan htan
1
110
ZOZOにおけるAI活用の現在 ~開発組織全体での取り組みと試行錯誤~
Avatar for ZOZO Developers zozotech
PRO
4
4.8k
MySQLのJSON機能の活用術
Avatar for mikoma ikomachi226
0
150
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
15
400k
AzureでのIaC - Bicep? Terraform? それ早く言ってよ会議
Avatar for Toru Makabe torumakabe
1
230
IaaS/SaaS管理における SREの実践 - SRE Kaigi 2026
Avatar for Shun bbqallstars
4
1.6k
入社1ヶ月でデータパイプライン講座を作った話
Avatar for Yuta Ozaki waiwai2111
1
230
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
Avatar for SansanTech sansantech
PRO
1
280
GitLab Duo Agent Platform × AGENTS.md で実現するSpec-Driven Development / GitLab Duo Agent Platform × AGENTS.md
Avatar for Niishi Kubo n11sh1
0
120
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
24k
(金融庁共催)第4回金融データ活用チャレンジ勉強会資料
Avatar for tak takumimukaiyama
0
120
Agile Leadership Summit Keynote 2026
Avatar for seki at druby.org m_seki
1
350

Featured

See All Featured
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
270
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.4k
Joys of Absence: A Defence of Solitary Play
Avatar for Sebastian Deterding codingconduct
1
290
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
800
More Than Pixels: Becoming A User Experience Designer
Avatar for Michelle Schulp Hunt marktimemedia
3
320
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.4k
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
2
110
KATA
Avatar for Megan Lloyd mclloyd
PRO
34
15k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
240

Transcript

  1. Security First

  2. None
  3. None

  4. Thanks First

  5. Hi, I’m Adam

  6. Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity

  7. Hi, I’m Adam @evilpacket

  8. None

  9. andbang.com

  10. andbang.com

  11. None
  12. None

  13. Node Security Project nodesecurity.io

  14. Security First

  15. We’re Fucked

  16. Nothing is 100% Secure.

  17. None
  18. None

  19. Defender Attacker

  20. Defender Attacker

  21. None

  22. Attacker Defender

  23. Software is Hard

  24. Software is full of opinions

  25. None

  26. Mobile First

  27. Mobile First Content First

  28. Mobile First Content First Offline First

  29. Mobile First Content First Offline First SECURITY

  30. Software is full of constraints

  31. Security is one of those

  32. Who’s responsible for security?

  33. Who’s responsible for security? You are.

  34. Why?

  35. None

  36. NSA Spent $25 million on ‘software vulnerabilities’ in 2013

  37. Stay off the menu.

  38. Litigation is coming.

  39. Litigation is coming.

  40. Enough Doom & Gloom already!

  41. Enough Doom & Gloom already!

  42. Something has to change

  43. Let’s build a Security First culture

  44. None

  45. Why do we avoid security?

  46. - Ignorance - Procrastination - Not Exciting work - Not

    Rewarded

  47. Education Understand Vulnerabilities

  48. The simple stuff still works.

  49. None

  50. Validation / Sanitization Crypto http://www.matasano.com/articles/crypto-challenges/ http://owasp.org

  51. npm install all the things™

  52. npm install coffeescript

  53. so..ahhh. what else?

  54. Process It’s not immutable

  55. Community Bridge all the worlds http://blog.andyet.com/2013/09/11/shame-and-security

  56. security.md

  57. Homework. - Learn about 1 vuln - Audit some code

    - Teach a Friend

  58. confwork? Talk to each other about security...

  59. </PRESENTATION> @adam_baldwin | @LiftSecurity