Twubhubbook - it's like appsec, but for startups

IT’S LIKE APPSEC, BUT FOR STARTUPS
TWUBHUBBOOK
Brent Johnson (@brentjo on GitHub, @gsmbj on Twitter)
Originally from the bay, Brent spends his time doing all the fun things LA has to offer while he longs for the days when he can move back home. Finally has a Twitter account.
TROJAN. BOUNTY TRIAGE EXPERT. BUSINESS LOGIC FLAWS ARE HIS FRIEND.
Neil “oreoshake” Matatall (Twitter: @ndm)
I like dog.
ASPIRING PARK RANGER. DOES NOT LIKE COMPUTERS.
WHAT’S A TWUBHUBBOOK
Greenfield
In many disciplines a greenfield project is one that lacks constraints imposed by prior work. The analogy is to that of construction on greenfield land where there is no need to work within the constraints of existing buildings or infrastructure. - Wikipedia
WHAT’S A TWUBHUBBOOK, CONT’D
Young application
Think pre-pre-pre-pre-pre-IPO.

WHAT’S A TWUBHUBBOOK, CONT’D
Mature application

DAY ONE ON THE JOB
The Future: 2025
Oddly, the mannequin challenge is still even in 2025.
| Agree on acceptable technology
| Always stay current
| Review architecture
| Code review culture
BE IN THE BUSINESS OF PREVENTION
SECURITY DOES NOT HAVE TIME TO FIX OR FIND BUGS

What have we accomplished?

WEEK 2 ON THE JOB
Building a healthy culture
WE’RE HERE TO SAY “BE CAREFUL”
SECURITY IS NOT HERE TO SAY “NO”
Twubhubbook hits its first milestone: 1,000,000 MAUs

What have we accomplished?
The game has changed, strategies must be updated.
PROCESSES MUST SCALE
CULTURE MUST STAY STRONG
FLEXIBILITY IS IMPORTANT

“The incident”
FOCUS ON LEARNING
“I TOLD YOU SO” IS FORBIDDEN

What have we accomplished?

DAY ??? OF ???
The security team grows
Mommy, wow! I’m a big kid now.
| FRAMEWORK HARDENING
| COLLAB WITH STANDARDS BODIES
| SHARED RESPONSIBILITY
The bug bounty turns 3!
MORE BUGS, BIGGER BOUNTIES

Pre-IPO
HOLD ON FOR YOUR ASSES
PERHAPS TAKE UP MEDITATION
Stack Diversifies
“I HEARD YOU HAD TO WRITE A FIFO CACHE IN COLLEGE — CAN YOU REVIEW THIS MIPS CODE OUR CORE BUSINESS OPS NOW DEPEND ON?”

Development stack consolidates
DON’T BUDGE ON SECURE BY DEFAULT, HARDEN THE FRAMEWORK, DESIGN SERVICES SECURELY.

Beyond basic appsec
TESTS FOR EVERYTHING. ROLES FOR EVERYONE.
The IPO
engineer = Twubhubbook.appsec_team.first;
engineer.company = BayArea.startups.next;
Further Reading
“Starting Up Security” - Ryan McGeehan: https://medium.com/starting-up-security
“The SaaS CTO Security Checklist” - Sqreen: http://cto-security-checklist.sqreen.io/
Loco Moco Security Conference
Kailua Kona, Hawai’i, April 2018
locomocosec.com, @locomocosec
