Baking Security into your workflow - Early

A more Developer focused security talk, about security and automation.

Tim Nash

January 01, 2017

Tweet

More Decks by Tim Nash

See All by Tim Nash

Testing Fortifications - WordCamp Brighton

0

470

Come to the dark side, they have cookies

0

1.3k

Come to the dark side

0

68

Practical WordPress Security 2018

0

410

Practical WordPress Security

0

1.7k

0

1k

Security is Everyone responsibility

0

1.1k

Other Decks in Programming

See All in Programming

AI & Enginnering

0

110

例外処理とどう使い分ける？Result型を使ったエラー設計 #burikaigi

16

6.1k

Best-Practices-for-Cortex-Analyst-and-AI-Agent

1

100

AIによるイベントストーミング図からのコード生成 / AI-powered code generation from Event Storming diagrams

2

1.9k

それ、本当に安全？ファイルアップロードで見落としがちなセキュリティリスクと対策

7

3.9k

「ブロックテーマでは再現できない」は本当か？

0

980

AI巻き込み型コードレビューのススメ

1

230

15年続くIoTサービスのSREエンジニアが挑む分散トレーシング導入

2

200

高速開発のためのコード整理術

1

400

なるべく楽してバックエンドに型をつけたい！(楽とは言ってない)

0

140

コントリビューターによるDenoのすゝめ / Deno Recommendations by a Contributor

0

200

MDN Web Docs に日本語翻訳でコントリビュート

0

650

Featured

See All Featured

Building Flexible Design Systems

yeseniaperezcruz

330

40k

Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum

0

320

Rebuilding a faster, lazier Slack

85

9.4k

Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf

0

450

Public Speaking Without Barfing On Your Shoes - THAT 2023

1

310

Designing Dashboards & Data Visualisations in Web Apps

231

54k

Design and Strategy: How to Deal with People Who Don’t "Get" Design

133

19k

The Mindset for Success: Future Career Progression

PRO

0

240

The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)

PRO

0

240

Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]

11

830

From π to Pie charts

0

120

Raft: Consensus for Rubyists

141

7.3k

Transcript

Baking Security  In To Your Workﬂow Tim Nash - @tnash
None
What is security?
Governance Security
Who is responsible?
YOU! [insert picture of crowd here]
What’s in scope?
Production
Staging?
Staging? Development?
Global workplace?
None
None
“I am not in the ofﬁce at the moment. Send
any work to be translated”
Education, Education, Education
Tooling
Burp Suite OWASP Zap w3af sqlmap wfuzz Arachni
Automating security
You already do tests right?
Mittn BDD-Security gauntlt
Or use your existing tools
Keeping Secrets Safe
Vault credstash git crypt
Logging and Audit trails
Serverless Infrastructure
Containers & Orchestration
“Developers focus on solving a problem, security looks at what
else those solutions can be used for” Mark Nunnikhoven
Be a chaos monkey
None
Photo credits: Siobhan Hancock Daniel Foster David Goehring Jim Lukach
Rich Savage Stephen Bowler Found Art Photography Martin Kriebernegg Alvaro Carou Jumilia
WordPress Hosting Experts
Tim Nash @tnash timnash.co.uk @34SP  34SP.com