
Twubhubbook - it's like appsec, but for startups (without notes)


Neil Matatall

January 24, 2017


Transcript

  1. TWUBHUBBOOK: IT'S LIKE APPSEC, BUT FOR STARTUPS
  2. Brent Johnson (@brentjo on GitHub, @gsmbj on Twitter). TROJAN. BOUNTY TRIAGE EXPERT. BUSINESS LOGIC FLAWS ARE HIS FRIEND. Originally from the bay, Brent spends his time doing all the fun things LA has to offer while he longs for the days when he can move back home. Finally has a Twitter account.
  3. WHAT'S A TWUBHUBBOOK: Greenfield. "In many disciplines a greenfield project is one that lacks constraints imposed by prior work. The analogy is to that of construction on greenfield land where there is no need to work within the constraints of existing buildings or infrastructure." - Wikipedia
  4. WHAT'S A TWUBHUBBOOK, CONT'D: Young application. Think pre-pre-pre-pre-pre-IPO.
  5. WHAT'S A TWUBHUBBOOK, CONT'D: Mature application.
  6. DAY ONE ON THE JOB. The Future: 2025. Oddly, the mannequin challenge is still even in 2025.
  7. Agree on acceptable technology | Always stay current | Review architecture | Code review culture (slides 8 to 10 are build steps of this same slide)
  11. BE IN THE BUSINESS OF PREVENTION. SECURITY DOES NOT HAVE TIME TO FIX OR FIND BUGS.
  12. WE'RE HERE TO SAY "BE CAREFUL". SECURITY IS NOT HERE TO SAY "NO".
  13. The game has changed, strategies must be updated. PROCESSES MUST SCALE. CULTURE MUST STAY STRONG. FLEXIBILITY IS IMPORTANT.
  14. DAY ??? OF ???: The security team grows. Mommy, wow! I'm a big kid now.
  15. FRAMEWORK HARDENING | COLLAB WITH STANDARDS BODIES | SHARED RESPONSIBILITY
  16. Stack Diversifies: I HEARD YOU HAD TO WRITE A FIFO CACHE IN COLLEGE — CAN YOU REVIEW THIS MIPS CODE OUR CORE BUSINESS OPS NOW DEPEND ON?
  17. Further Reading: "Starting Up Security" - Ryan McGeehan, https://medium.com/starting-up-security; "The SaaS CTO Security Checklist" - Sqreen, http://cto-security-checklist.sqreen.io/