Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Prioritizing Trust while Creating Applications

Prioritizing Trust while Creating Applications

Managing risk needs to scale as your product grows in popularity and complexity. In traditional software development, security was often treated as a last gating factor at best and post-incident concern at worst. You need to shift your security processes left—in other words, earlier in the development lifecycle. The cost of applying security practices too late can be catastrophic to a company, leading to the loss of customer trust and affecting the bottom line.

Join Jennifer Davis to gain an overview of security tools and practices to adopt, including the CIA triad and why security matters, motivations of attackers, core foundation practices, defense in depth, threat modeling, making choices in your architecture based on operational concern, testing code, coding standards, securing code reviews, handling incidents, and advanced practices such as bug bounty problems, capture the flag, and red team exercises.

Jennifer Davis

November 06, 2019
Tweet

More Decks by Jennifer Davis

Other Decks in Technology

Transcript

  1. Framework
    Choice

    View full-size slide

  2. https://haveibeenpwned.com/

    View full-size slide

  3. Discovery
    Development
    Build
    Release
    Deploy
    Monitor

    View full-size slide

  4. Common
    Context

    View full-size slide

  5. OWASP:
    Application Security Verification Standard Project

    View full-size slide

  6. Serverless
    Software
    Platform
    Infrastructure
    On-Prem

    View full-size slide

  7. Source: https://www.imperialviolet.org/2014/02/22/applebug.html

    View full-size slide

  8. Minimum Viable Response Plan: jhand.co/CreateResponsePlan

    View full-size slide

  9. Discovery
    Development
    Build
    Release
    Deploy
    Monitor

    View full-size slide

  10. Advanced
    Topics

    View full-size slide

  11. CTF with Google
    CTF Circle

    View full-size slide

  12. “Fundamentally, if somebody wants
    to get in, they’re getting in…accept
    that. What we tell clients is:
    Number one, you’re in the fight,
    whether you thought you were or
    not. Number two, you almost
    certainly are penetrated.”

    View full-size slide

  13. Build
    Community.
    Bit Community by Ashley McNamara is licensed under CC BY-NC-SA 4.0

    View full-size slide

  14. Session page on conference website

    View full-size slide