Security First - Adam Baldwin
Adam Baldwin
JSConfEU 2013
1.
Security First
2.
3.
4.
Thanks First
5.
Hi, I’m Adam
6.
Hi, I’m Adam @adam_baldwin @liftsecurity @nodesecurity
7.
Hi, I’m Adam @evilpacket
8.
9.
andbang.com
10.
andbang.com
11.
12.
13.
Node Security Project nodesecurity.io
14.
Security First
15.
We’re Fucked
16.
Nothing is 100% Secure.
17.
18.
19.
Defender Attacker
20.
Defender Attacker
21.
22.
Attacker Defender
23.
Software is Hard
24.
Software is full of opinions
25.
26.
Mobile First
27.
Mobile First Content First
28.
Mobile First Content First Offline First
29.
Mobile First Content First Offline First SECURITY
30.
Software is full of constraints
31.
Security is one of those
32.
Who’s responsible for security?
33.
Who’s responsible for security? You are.
34.
Why?
35.
36.
NSA Spent $25 million on ‘software vulnerabilities’ in 2013
37.
Stay off the menu.
38.
Litigation is coming.
39.
Litigation is coming.
40.
Enough Doom & Gloom already!
41.
Enough Doom & Gloom already!
42.
Something has to change
43.
Let’s build a Security First culture
44.
45.
Why do we avoid security?
46.
- Ignorance
- Procrastination
- Not Exciting work
- Not Rewarded
47.
Education Understand Vulnerabilities
48.
The simple stuff still works.
49.
50.
Validation / Sanitization
Crypto
http://www.matasano.com/articles/crypto-challenges/
http://owasp.org
51.
npm install all the things™
52.
npm install coffeescript
53.
so..ahhh. what else?
54.
Process It’s not immutable
55.
Community Bridge all the worlds
http://blog.andyet.com/2013/09/11/shame-and-security
56.
security.md
57.
Homework.
- Learn about 1 vuln
- Audit some code
- Teach a Friend
58.
confwork? Talk to each other about security...
59.
</PRESENTATION> @adam_baldwin | @LiftSecurity