• Team: Ninja Unicorns (And a little bit of CCS) • Community admin (Slack & Forum) • I maintain the StripeSlackBot • That’s Python , SilverStripe 4 & Solr • Author of MFA modules for SilverStripe 3 & 4 • Cat owner • Hans the cow is my mascotte • I have a zoo on my desk • Scarily obsessed with security • Also Solr and search in general • LEGO! • Born Dutch (expect cursing) • Originator and former organizer of StripeCon EU • I wonder how much I can fit on a single slide • Yes, this is on purpose • Bribable with Whisk(e)y, beer or LEGO That’s me ➡ Although, I’m standing right over here, if you hadn’t noticed. That’s my cat, Marika ⬇ That’s Hans ➡ The zoo ⬇ ⬅ Apollo 13 Saturn V LEGO rocket!
breached. If not today, it’ll be tomorrow • Preparing for the worst is better than hoping for the best • Most breaches are due to bad practices by (in no particular order): • SysOps • DevOps • Software Engineers • Clients • End users • CMS Users • Bad password practices • Not using a password manager Simon `Firesphere` Erkelens | 2018
• Explain to your client why • Explain the benefits • DO NOT EVER disable pasting of passwords in password fields • Suggest them to your client, here are a few: • BitWarden (My favourite, I’m not being paid to say this) • 1Password • LastPass Simon `Firesphere` Erkelens | 2018
for “Secure Connection” • Try visiting an http site on hotel wifi and compare it to https • See screenshots on next slide • Let’s Encrypt • CertBot, ACME2, Secure updates… Let’s Encrypt • Don’t go EV, never go EV • Seriously, it’s a waste of money nowadays • Keep your certificates up to date • CertBot does that for you • Register as HSTS • Force HTTPS across your entire site • Show your clients Troy Hunt’s demo if they are not sure Simon `Firesphere` Erkelens | 2018
little bit • Check new passwords against known breaches • Block known breached passwords • Doesn’t matter if it wasn’t a breach from your site • Don’t reuse your passwords • Don’t expire passwords • No, seriously, don’t expire passwords • Unless they’re breached that is Simon `Firesphere` Erkelens | 2018