Continuous Security - Paris.rb

Transcript

1. Build Unique Search Experiences Adam Surak SRE & Security Engineer

   [email protected] @AdamSurak Continuous Security

2. @AdamSurak Core Core Core Core Security

3. @AdamSurak Core Core Core Core Core Core

4. @AdamSurak Penetration testing Quality varies Very detailed and understandable outcomes

   Higher price* One shot -> outdated in few hours

5. @AdamSurak Responsive disclosure [email protected] “Give me money!” “Give me money

   or I will not tell you what I’ve found!” How do you send money to India, Pakistan, … ?

6. @AdamSurak Public Bug Bounty Program HackerOne, Bugcrowd, … All the

   reports in one place Protects both reporter and site owner Clean accounting Possible swag-only

7. @AdamSurak 1 year with HackerOne

8. @AdamSurak 1 year with HackerOne 12.2% 42.2% 23.2% 22.4%

9. @AdamSurak All-time vs last 6 months 12.2% 42.2% 23.2% 22.4%

   18.2% 22.9% 13.5% 45.3%

10. @AdamSurak 1 year with HackerOne

11. @AdamSurak All-time vs last 6 months All-time Last 6 months

    Response time 2 days 1 day Resolution time 21 days 11 days Bounties $10,125 $4,000

12. @AdamSurak Learnings PenTesters think differently Beginning is hard Have patience

    with communication You can’t do it best effort There will be noise No matter what, they will use automatic scanners

13. W e are hiring in Paris and SF QUESTIONS? Build

    Unique Search Experiences [email protected] @AdamSurak