Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DIY security for the amateur superhero

Laura Bell
August 05, 2016
Technology
0
220

DIY security for the amateur superhero

So the world is a mess. The internet is a toxic wasteland and you and your organisation have decided to fill this space with another application to disrupt the world. Awesome. Sounds like fun. Trouble is, there are a whole range of reasons why this may end badly.For every beautiful system we build, there are equally elegant attacks out there waiting. Boo hoo. We need to take security into our own hands. It's time to defend ourselves and our data, with the only skill we know we can trust - engineering.
Come learn to be a security superhero and learn a range of DIY security approaches to suit any application and operations environment. Manage your vulnerabilities, bring security to your builds and monitor the heck out of your world. Guaranteed vendor device free zone. Bring your skills and let's solve some of your security challenges together.

Laura Bell

August 05, 2016
Tweet

More Decks by Laura Bell

See All by Laura Bell
Hackcon 11 - Protecting our people
ladynerd
0
220
Security in a container based world
ladynerd
0
130
Securing Microservice Architectures
ladynerd
2
340
Better Connected
ladynerd
0
52
Continuous Security
ladynerd
3
1.1k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.6k
Blindsided by security
ladynerd
0
79
Practical tools for privacy audit
ladynerd
0
170
For the greater good? Open sourcing weaponisable code
ladynerd
1
300

Other Decks in Technology

See All in Technology
グローバル展開を見据えたサービスにおける機械翻訳プラクティス / dp-ai-translating
cyberagentdevelopers
PRO
1
150
APIテスト自動化の勘所
yokawasa
7
4.2k
Shift-from-React-to-Vue
calm1205
3
1.3k
CyberAgent 生成AI Deep Dive with Amazon Web Services / genai-aws
cyberagentdevelopers
PRO
1
480
10分でわかるfreeeのQA
freee
1
3.4k
2024-10-30-reInventStandby_StudyGroup_Intro
shinichirokawano
1
640
ガチ勢によるPipeCD運用大全〜滑らかなCI/CDを添えて〜 / ai-pipecd-encyclopedia
cyberagentdevelopers
PRO
3
210
AIを駆使したゲーム開発戦略: 新設AI組織の取り組み / sge-ai-strategy
cyberagentdevelopers
PRO
1
130
【若手エンジニア応援LT会】AWSで繋がり、共に成長! ~コミュニティ活動と新人教育への挑戦~
kazushi_ohata
0
180
【若手エンジニア応援LT会】AWS Security Hubの活用に苦労した話
kazushi_ohata
0
170
プロダクトチームへのSystem Risk Records導入・運用事例の紹介/Introduction and Case Studies on Implementing and Operating System Risk Records for Product Teams
taddy_919
1
170
Amazon FSx for NetApp ONTAPを利用するにあたっての要件整理と設計のポイント
non97
1
160

Featured

See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.2k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Designing Experiences People Love
moore
138
23k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
664
120k
Building Adaptive Systems
keathley
38
2.2k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
GitHub's CSS Performance
jonrohan
1030
460k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
The Invisible Side of Design
smashingmag
297
50k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k

Transcript

  1. Laura Bell Founder and Lead Consultant - SafeStack @lady_nerd [email protected]

    http:/ /safestack.io DIY Security for the amateur superhero
  2. None
  3. None
  4. None
  5. None
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None

  12. it’s up to you to Detect

  13. Accept Protect Watch Respond Learn

  14. Accept

  15. None

  16. (we love you but seriously…)

  17. You (every single one of us…)

  18. code base development Initial idea Product launch Maturity Initiatives do

    security stuff

  19. Attack Defense help!

  20. Meanwhile in the security industry

  21. None

  22. (like OWASP and Troy Hunt)

  23. (perfect people are liars)

  24. (it’s ok to not know everything)

  25. (and here’s why…)

  26. Protect

  27. None

  28. (YOUR software has security flaws…)

  29. None

  30. (** inception fog horn noise **)

  31. None

  32. technologies

  33. Oh noes.. a wild demo appears OWASP Dependency Checker Libraries.io

  34. § https://libraries.io/ § https://www.owasp.org/index.php/OWASP_Dependen cy_Check

  35. Watch

  36. None

  37. (if you’re not looking)

  38. you

  39. Challenge yours

  40. Security team Managed border devices Budget Management support Erm.. Does

    watching mr robot count? Security Engineering

  41. ?? Wait? Hold on? Logging tools Contextual knowledge Access Incentive

    Security Engineering

  42. All

  43. Application Database Operating system Border devices Cloud tools

  44. destruction

  45. like actually, for real, not just when you’re debugging

  46. if the internet has already done it for you

  47. Be kind demo gods… please LastPass Lambda Logs Sumo Siemonster

    and ELK
  48. None

  49. make kittens cry

  50. can be the cost of DIY

  51. s/real/a real pain in the …/

  52. _sourceCategory=Apache/Acces | extract "\"[A-Z]+ \S+ HTTP/[\d\.]+\" \S+ \S+ \S+ \"(?<agent>[^\"]+?)\""

    | if (agent matches "*MSIE*",1,0) as ie | if (agent matches "*Firefox*",1,0) as firefox | if (agent matches "*Safari*",1,0) as safari | if (agent matches "*Chrome*",1,0) as chrome | sum(ie) as ie, sum(firefox) as firefox, sum(safari) as safari, sum(chrome) as chrome

  53. It’s better to see it coming Even if you can’t

    stop it

  54. § https://github.com/SafeStack/lambda_logs § https://elk-docker.readthedocs.io/ § https://siemonster.com/

  55. Respond

  56. (Incident Response skill isn’t innate)

  57. None
  58. None
  59. None

  60. § http://standards.iso.org/ittf/PubliclyAvailableStandard s/c045170_ISO_IEC_29147_2014.zip § https://github.com/Netflix/SimianArmy/wiki/Chaos- Monkey § https://hackerone.com/ § https://bugcrowd.com/

  61. Learn

  62. None

  63. (Every. Single. Day.)

  64. Security

  65. Accept Protect Watch Respond Learn

  66. Laura Bell Founder and Lead Consultant - SafeStack @lady_nerd [email protected]

    http:/ /safestack.io Questions?