Prioritizing Trust while Creating Applications

Managing risk needs to scale as your product grows in popularity and complexity. In traditional software development, security was often treated as a last gating factor at best and a post-incident concern at worst. You need to shift your security processes left (in other words, earlier in the development lifecycle). The cost of applying security practices too late can be catastrophic to a company, leading to the loss of customer trust and affecting the bottom line.

Join Jennifer Davis to gain an overview of security tools and practices to adopt, including the CIA triad and why security matters, motivations of attackers, core foundation practices, defense in depth, threat modeling, making choices in your architecture based on operational concern, testing code, coding standards, securing code reviews, handling incidents, and advanced practices such as bug bounty programs, capture the flag, and red team exercises.

Jennifer Davis

November 06, 2019

Transcript

  3. Trust

  4. Framework Choice

  5. https://haveibeenpwned.com/

  7. @sigje

  8. Discovery Development Build Release Deploy Monitor

  10. @sigje

  11. Common Context

  12. @sigje

  15. Foundations

  18. OWASP: Application Security Verification Standard Project

  21. Serverless Software Platform Infrastructure On-Prem

  24. Source: https://www.imperialviolet.org/2014/02/22/applebug.html

  27. Minimum Viable Response Plan: jhand.co/CreateResponsePlan

  31. Discovery Development Build Release Deploy Monitor

  32. Advanced Topics

  34. CTF with Google CTF Circle

  35. “Fundamentally, if somebody wants to get in, they’re getting in…accept that. What we tell clients is: Number one, you’re in the fight, whether you thought you were or not. Number two, you almost certainly are penetrated.”
  37. @sigje

  38. Build Community. Bit Community by Ashley McNamara is licensed under CC BY-NC-SA 4.0
  39. Session page on conference website