Security First - Adam Baldwin
Adam Baldwin
JSConfEU 2013
1.
Security First
2.
3.
4.
Thanks First
5.
Hi, I’m Adam
6.
Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
7.
Hi, I’m Adam @evilpacket
8.
9.
andbang.com
10.
andbang.com
11.
12.
13.
Node Security Project nodesecurity.io
14.
Security First
15.
We’re Fucked
16.
Nothing is 100% Secure.
17.
18.
19.
Defender Attacker
20.
Defender Attacker
21.
22.
Attacker Defender
23.
Software is Hard
24.
Software is full of opinions
25.
26.
Mobile First
27.
Mobile First Content First
28.
Mobile First Content First Offline First
29.
Mobile First Content First Offline First SECURITY
30.
Software is full of constraints
31.
Security is one of those
32.
Who’s responsible for security?
33.
Who’s responsible for security? You are.
34.
Why?
35.
36.
NSA Spent $25 million on ‘software vulnerabilities’ in 2013
37.
Stay off the menu.
38.
Litigation is coming.
39.
Litigation is coming.
40.
Enough Doom & Gloom already!
41.
Enough Doom & Gloom already!
42.
Something has to change
43.
Let’s build a Security First culture
44.
45.
Why do we avoid security?
46.
- Ignorance
- Procrastination
- Not Exciting work
- Not Rewarded
47.
Education Understand Vulnerabilities
48.
The simple stuff still works.
49.
50.
Validation / Sanitization Crypto http://www.matasano.com/articles/crypto-challenges/ http://owasp.org
51.
npm install all the things™
52.
npm install coffeescript
53.
so..ahhh. what else?
54.
Process It’s not immutable
55.
Community Bridge all the worlds http://blog.andyet.com/2013/09/11/shame-and-security
56.
security.md
57.
Homework.
- Learn about 1 vuln
- Audit some code
- Teach a Friend
58.
confwork? Talk to each other about security...
59.
</PRESENTATION> @adam_baldwin | @LiftSecurity