Recommended
More Related Content
Similar to Building a Security Program at Grammarly - XP Days 2019
Similar to Building a Security Program at Grammarly - XP Days 2019 (20)
Recently uploaded
Recently uploaded (20)
Building a Security Program at Grammarly - XP Days 2019
- 1. Building a Security Program at Grammarly Dima Tiagulskyi - Software Engineer, Security Team
- 70. ● Early Life ○ https://twitter.com/badthingsdaily ○ https://enterprise.verizon.com/resources/reports/dbir/ ○ https://krebsonsecurity.com/ ○ https://www.loopio.com/blog/respond-security-questionnaires-3 ● Bug Bounty ○ https://danielmiessler.com/study/security-assessment-types/ ○ https://hackerone.com/grammarly ○ https://www.bugcrowd.com/ ○ https://hackerone.com/dropbox ○ https://securitytxt.org/ References
- 71. References ● Jurassic CorpSec ○ Building Identity for an Open Perimeter ○ https://www.gartner.com/reviews/market/access-management ○ https://support.1password.com/create-share-vaults/ ○ https://aws.amazon.com/blogs/aws/built-in-authentication-in-alb/ ● Protecting Endpoints ○ https://www.jamf.com/ ○ https://en.wikipedia.org/wiki/Endpoint_Detection_and_Response ○ Configure an external recipient warning ● Security Team ○ https://about.gitlab.com/handbook/engineering/security/#security-department ○ https://www.owasp.org/index.php/OWASP_SAMM_Project ○ https://www.cisecurity.org/controls/cis-controls-list/
- 72. ● Incident Detection and Response ○ https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Auditing.html ○ https://www.dmtf.org/standards/cadf ○ https://aws.amazon.com/products/security/ ○ https://www.sumologic.com/security/ ○ https://www.cisecurity.org/cis-benchmarks/ ● Infrastructure ○ https://aws.amazon.com/organizations/ ○ https://aws.amazon.com/controltower/ ○ https://aws.amazon.com/blogs/compute/refreshing-an-amazon-ecs-container-instance-cluster-with-a-new-ami/ ● Abuse Research and Infrastructure ○ https://www.troyhunt.com/ ○ https://elie.net/ References
- 73. ● Security Culture ○ https://www.owasp.org/index.php/Security_Champions_Playbook ○ https://www.amazon.com/Securing-DevOps-Security-Julien-Vehent/dp/1617294136 ○ https://www.amazon.com/Agile-Application-Security-Enabling-Continuous/dp/1491938846 ● OWASP ○ https://www.owasp.org/index.php/OWASP_SAMM_Project ○ https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project ○ https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project ○ https://cheatsheetseries.owasp.org/ ● Integrating Security in Development ○ https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ○ https://report-uri.com/ ○ https://web.dev/samesite-cookies-explained/ ○ https://www.chromium.org/updates/same-site ○ https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html References