Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DIY security for the amateur superhero

Laura Bell
August 05, 2016
Technology
0
250

DIY security for the amateur superhero

So the world is a mess. The internet is a toxic wasteland and you and your organisation have decided to fill this space with another application to disrupt the world. Awesome. Sounds like fun. Trouble is, there are a whole range of reasons why this may end badly.For every beautiful system we build, there are equally elegant attacks out there waiting. Boo hoo. We need to take security into our own hands. It's time to defend ourselves and our data, with the only skill we know we can trust - engineering.
Come learn to be a security superhero and learn a range of DIY security approaches to suit any application and operations environment. Manage your vulnerabilities, bring security to your builds and monitor the heck out of your world. Guaranteed vendor device free zone. Bring your skills and let's solve some of your security challenges together.

Laura Bell

August 05, 2016
Tweet

More Decks by Laura Bell

See All by Laura Bell
Hackcon 11 - Protecting our people
ladynerd
0
230
Security in a container based world
ladynerd
0
150
Securing Microservice Architectures
ladynerd
2
350
Better Connected
ladynerd
0
64
Continuous Security
ladynerd
3
1.1k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.7k
Blindsided by security
ladynerd
0
92
Practical tools for privacy audit
ladynerd
0
180
For the greater good? Open sourcing weaponisable code
ladynerd
1
320

Other Decks in Technology

See All in Technology
彩の国で始めよう。おっさんエンジニアから共有したい、当たり前のことを当たり前にする技術
otsuki
0
160
クォータ監視、AWS Organizations環境でも楽勝です✌️
iwamot
PRO
1
340
AIにおけるソフトウェアテスト_ver1.00
fumisuke
1
210
Стильный код: натуральный поиск редких атрибутов по картинке. Юлия Антохина, Data Scientist, Lamoda Tech
lamodatech
0
800
Bazel for Ruby (RubyKaigi 2025)
p0deje
0
120
生成AIによるCloud Native基盤構築の可能性と実践的ガードレールの敷設について
nwiizo
7
1.2k
QA/SDETの現在と、これからの挑戦
imtnd
0
150
今日からはじめるプラットフォームエンジニアリング
jacopen
8
1.6k
C++26アップデート 2025-03
faithandbrave
0
1.1k
React ABC Questions
hirotomoyamada
0
540
テストって楽しい!開発を加速させるテストの魅力 / Testing is Fun! The Fascinating of Testing to Accelerate Development
aiandrox
0
110
AWSで作るセキュアな認証基盤with OAuth mTLS / Secure Authentication Infrastructure with OAuth mTLS on AWS
kaminashi
0
190

Featured

See All Featured
Faster Mobile Websites
deanohume
306
31k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
34
2.2k
Speed Design
sergeychernyshev
29
900
A Modern Web Designer's Workflow
chriscoyier
693
190k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
12k
The Pragmatic Product Professional
lauravandoore
33
6.6k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
23
2.7k
Testing 201, or: Great Expectations
jmmastey
42
7.5k
Code Reviewing Like a Champion
maltzj
522
40k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
104
19k

Transcript

  1. Laura Bell Founder and Lead Consultant - SafeStack @lady_nerd [email protected]

    http:/ /safestack.io DIY Security for the amateur superhero
  2. None
  3. None
  4. None
  5. None
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None

  12. it’s up to you to Detect

  13. Accept Protect Watch Respond Learn

  14. Accept

  15. None

  16. (we love you but seriously…)

  17. You (every single one of us…)

  18. code base development Initial idea Product launch Maturity Initiatives do

    security stuff

  19. Attack Defense help!

  20. Meanwhile in the security industry

  21. None

  22. (like OWASP and Troy Hunt)

  23. (perfect people are liars)

  24. (it’s ok to not know everything)

  25. (and here’s why…)

  26. Protect

  27. None

  28. (YOUR software has security flaws…)

  29. None

  30. (** inception fog horn noise **)

  31. None

  32. technologies

  33. Oh noes.. a wild demo appears OWASP Dependency Checker Libraries.io

  34. § https://libraries.io/ § https://www.owasp.org/index.php/OWASP_Dependen cy_Check

  35. Watch

  36. None

  37. (if you’re not looking)

  38. you

  39. Challenge yours

  40. Security team Managed border devices Budget Management support Erm.. Does

    watching mr robot count? Security Engineering

  41. ?? Wait? Hold on? Logging tools Contextual knowledge Access Incentive

    Security Engineering

  42. All

  43. Application Database Operating system Border devices Cloud tools

  44. destruction

  45. like actually, for real, not just when you’re debugging

  46. if the internet has already done it for you

  47. Be kind demo gods… please LastPass Lambda Logs Sumo Siemonster

    and ELK
  48. None

  49. make kittens cry

  50. can be the cost of DIY

  51. s/real/a real pain in the …/

  52. _sourceCategory=Apache/Acces | extract "\"[A-Z]+ \S+ HTTP/[\d\.]+\" \S+ \S+ \S+ \"(?<agent>[^\"]+?)\""

    | if (agent matches "*MSIE*",1,0) as ie | if (agent matches "*Firefox*",1,0) as firefox | if (agent matches "*Safari*",1,0) as safari | if (agent matches "*Chrome*",1,0) as chrome | sum(ie) as ie, sum(firefox) as firefox, sum(safari) as safari, sum(chrome) as chrome

  53. It’s better to see it coming Even if you can’t

    stop it

  54. § https://github.com/SafeStack/lambda_logs § https://elk-docker.readthedocs.io/ § https://siemonster.com/

  55. Respond

  56. (Incident Response skill isn’t innate)

  57. None
  58. None
  59. None

  60. § http://standards.iso.org/ittf/PubliclyAvailableStandard s/c045170_ISO_IEC_29147_2014.zip § https://github.com/Netflix/SimianArmy/wiki/Chaos- Monkey § https://hackerone.com/ § https://bugcrowd.com/

  61. Learn

  62. None

  63. (Every. Single. Day.)

  64. Security

  65. Accept Protect Watch Respond Learn

  66. Laura Bell Founder and Lead Consultant - SafeStack @lady_nerd [email protected]

    http:/ /safestack.io Questions?