SlideShare a Scribd company logo

Continuous Security - NDC Sydney 2017

L
Laura Bell

Agile development is a powerful tool for the creation of high-quality software products. It has however scared the life out of many security managers and risk leaders. Once the job of a dedicated security team, security is now the responsibility of all members of our Agile teams. So how do we bring continuous security to our lifecycles without compromising velocity and innovation? What tools and techniques do we need and when should we apply them? In this talk, we will examine why security is the new key skills for successful Agile development teams and what you can do to bring it to your teams. This is a talk of war stories from the SCRUM team trenches and real world tools, techniques and processes that are less about 'managing' security than they are about building amazing(secure) things, fast.

1 of 66
Download to read offline
Founder and Lead Consultant - SafeStack @lady_nerd laura@safestack.io http://safestack.io Continuous Security
https://dfend.io
once upon a time*… * Sometime in the last week for some of you
and the whole world went to hell
lets do that again! faster this time!
common misconceptions
it’s not my job (that’s whywe have a security team)
border devices will save us
it’s impossible so why try
we’ve always done this… nobody’s hacked us yet awwww cute <3
we’re too little to fail (at security)
we are compliant
compliance has us racing to the bottom
what is continuous security?
design code stuffidea test deploy
design code stuffidea test deploy Initial Risk Assessment Design Review Code and Implementation Review Penetration Testing
continuous
principles of continuous security
automated autonomous integrated repeatable scalable
automated “the best technical people I know work really hard to make themselves redundant”
Deployment Provisioning Testing Static analysis Vulnerability mgmt
autonomous “no bottlenecks, breakdowns or ripples”
Skills Authority Accountability every team
integrated “bite-sized security that works with every step of your lifecycle”
Woven in to keep you going Respected enough to stop you
repeatable “security fails when it’s a special event”
It’s time for the age of collaborative defense
scalable “more than just a single team experiment”
Business as usual Managed Measured Controlled Universal Special Proof of concept Blue sky Experiment Innovation
How to: Continuous Security
Design Security Grooming, Security Personas and Threat Assessment
Key Concept 40 Security Persona Security personas identify the user motivations, expectations and goals responsible for driving bad behaviour, and bring users to life.
Three elements of security personas Resources Access to essentials including money, expertise and access Skill Ability to achieve their objective Motivation What drives this individual or group to act
Financial Egotistical Personal Political
Motivations give clues to attacker objectives Financial Steal money Steal things to sell for money Corporate espionage Extortion Insider trading
Name Narrative Motivation and objectives Skill Level Resources Attack plan
Threat Assessment S.T.R.I.D.E Spoofing Tampering Repudiation Information Disclosure Denial of Service Escalation of Privilege
▪ https://msdn.microsoft.com/en- us/library/ee823878(v=cs.20).aspx ▪ https://www.microsoft.com/en-us/sdl/
Code Peer Review, Linters, Static Analysis
verify and validate with OWASP ASVS “if you don’t validate it’s a fairy story”
Every story Every sprint Every developer Every time
Standard Security Stories http://safecode.org/publication/SAFECode_A gile_Dev_Security0712.pdf
▪ https://www.owasp.org/index.php/Category:OWASP_ Application_Security_Verification_Standard_Project ▪ http://safecode.org/publication/SAFECode_Agile_Dev _Security0712.pdf
Test BDD Security, Security Unit Tests
Security Testing “you created this … you are responsible for checking the basics”
▪ http://katrinatester.blogspot.com.au/2015/09/security- testing-pathway.html ▪ http://gauntlt.org/ & https://www.continuumsecurity.net/bdd-security/ ▪ https://www.owasp.org/index.php/OWASP_Testing_G uide_v4_Table_of_Contents
Build Dependency Checkers, VulnerabilityAssessment
Build Time Checks “Pre-flight checks…finding security issues before the internet since [insert date you start doing this]”
Warning Balancing you build time with security checks and assessments is hard. You will make people angry
▪ https://libraries.io/ ▪ https://www.owasp.org/index.php/OWASP_Dependen cy_Check
Deploy Configuration Review
Validate Regularly and Measure Welcome to the DevSecOps jungle Learn from those who came before you DevOps Defense Toolkit
▪ https://www.ssllabs.com/ ▪ https://github.com/docker/docker-bench-security ▪ https://s3-us-west- 2.amazonaws.com/images.itrevolution.com/documen ts/DevOps_Audit_Defense_Toolkit_v1.0.pdf
Maintain/Monitor Incident Response, Responsible Disclosure,
Dear <your company> I have discovered a critical vulnerability in your application. Do you pay rewards?
▪ http://standards.iso.org/ittf/PubliclyAvailableStandards /c045170_ISO_IEC_29147_2014.zip ▪ https://github.com/Netflix/SimianArmy/wiki/Chaos- Monkey ▪ https://hackerone.com/ ▪ https://bugcrowd.com/
Founder and Lead Consultant - SafeStack @lady_nerd laura@safestack.io http://safestack.io Questions?

Recommended

Red Team Operations: Attack and Think Like a Criminal
Red Team Operations: Attack and Think Like a CriminalRed Team Operations: Attack and Think Like a Criminal
Red Team Operations: Attack and Think Like a Criminal
Infosec
 
Defender economics
Defender economicsDefender economics
Defender economics
addelindh
 
Introduction to security testing
Introduction to security testingIntroduction to security testing
Introduction to security testing
Nagasahas DS
 
Continuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityContinuous security testing - sharing responsibility
Continuous security testing - sharing responsibility
VodqaBLR
 
Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...
Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...
Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...
Manuel Pais
 
Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)
ENOInstitute
 
Threat Modeling: Report from the Trenches
Threat Modeling: Report from the TrenchesThreat Modeling: Report from the Trenches
Threat Modeling: Report from the Trenches
OWASP
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
Jonathan Marcil
 

Recommended

Red Team Operations: Attack and Think Like a Criminal
Red Team Operations: Attack and Think Like a CriminalRed Team Operations: Attack and Think Like a Criminal
Red Team Operations: Attack and Think Like a Criminal
Infosec
 
Defender economics
Defender economicsDefender economics
Defender economics
addelindh
 
Introduction to security testing
Introduction to security testingIntroduction to security testing
Introduction to security testing
Nagasahas DS
 
Continuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityContinuous security testing - sharing responsibility
Continuous security testing - sharing responsibility
VodqaBLR
 
Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...
Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...
Beating the 1:100 Odds with Team Design for Security @ Open Security Summit, ...
Manuel Pais
 
Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)
ENOInstitute
 
Threat Modeling: Report from the Trenches
Threat Modeling: Report from the TrenchesThreat Modeling: Report from the Trenches
Threat Modeling: Report from the Trenches
OWASP
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
Jonathan Marcil
 
What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing
TEST Huddle
 
Secure Code Reviews
Secure Code ReviewsSecure Code Reviews
Secure Code ReviewsMarco Morana
 
Introduction to Threat Modeling
Introduction to Threat ModelingIntroduction to Threat Modeling
Introduction to Threat Modeling
InMobi Technology
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware Detection
Kaspersky
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea, Inc.
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
Anne Oikarinen
 
How I Learnt hacking in High School - BSidesLV - 2015
How I Learnt hacking in High School - BSidesLV - 2015How I Learnt hacking in High School - BSidesLV - 2015
How I Learnt hacking in High School - BSidesLV - 2015
lokeshpidawekar
 
Bug bounty
Bug bountyBug bounty
Bug bounty
n|u - The Open Security Community
 
Threat Modeling Lessons from Star Wars
Threat Modeling Lessons from Star WarsThreat Modeling Lessons from Star Wars
Threat Modeling Lessons from Star Wars
Adam Shostack
 
A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013 A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013
Sorina Chirilă
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Invincea, Inc.
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrichdrewz lin
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
Ramin Farajpour Cami
 
Evolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIsEvolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIs
Dinis Cruz
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
Megha Sahu
 
Planning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesPlanning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security Defenses
Mohammed Almeshekah
 
Setup Your Personal Malware Lab
Setup Your Personal Malware LabSetup Your Personal Malware Lab
Setup Your Personal Malware Lab
Digit Oktavianto
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed
Rashid Khatmey
 
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Sherif Koussa
 
Laura Bell (SafeStack)
Laura Bell (SafeStack)Laura Bell (SafeStack)
Laura Bell (SafeStack)
AgileNZ Conference
 
The Principles of Secure Development - David Rook
The Principles of Secure Development - David RookThe Principles of Secure Development - David Rook
The Principles of Secure Development - David Rook
Security B-Sides
 

More Related Content

What's hot

What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing
TEST Huddle
 
Secure Code Reviews
Secure Code ReviewsSecure Code Reviews
Secure Code ReviewsMarco Morana
 
Introduction to Threat Modeling
Introduction to Threat ModelingIntroduction to Threat Modeling
Introduction to Threat Modeling
InMobi Technology
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware Detection
Kaspersky
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea, Inc.
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
Anne Oikarinen
 
How I Learnt hacking in High School - BSidesLV - 2015
How I Learnt hacking in High School - BSidesLV - 2015How I Learnt hacking in High School - BSidesLV - 2015
How I Learnt hacking in High School - BSidesLV - 2015
lokeshpidawekar
 
Threat Modeling Lessons from Star Wars
Threat Modeling Lessons from Star WarsThreat Modeling Lessons from Star Wars
Threat Modeling Lessons from Star Wars
Adam Shostack
 
A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013 A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013
Sorina Chirilă
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Invincea, Inc.
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrichdrewz lin
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
Ramin Farajpour Cami
 
Evolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIsEvolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIs
Dinis Cruz
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
Megha Sahu
 
Planning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesPlanning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security Defenses
Mohammed Almeshekah
 
Setup Your Personal Malware Lab
Setup Your Personal Malware LabSetup Your Personal Malware Lab
Setup Your Personal Malware Lab
Digit Oktavianto
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed
Rashid Khatmey
 
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Sherif Koussa
 

What's hot (20)

What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing
 
Secure Code Reviews
Secure Code ReviewsSecure Code Reviews
Secure Code Reviews
 
Introduction to Threat Modeling
Introduction to Threat ModelingIntroduction to Threat Modeling
Introduction to Threat Modeling
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware Detection
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
How I Learnt hacking in High School - BSidesLV - 2015
How I Learnt hacking in High School - BSidesLV - 2015How I Learnt hacking in High School - BSidesLV - 2015
How I Learnt hacking in High School - BSidesLV - 2015
 
Bug bounty
Bug bountyBug bounty
Bug bounty
 
Threat Modeling Lessons from Star Wars
Threat Modeling Lessons from Star WarsThreat Modeling Lessons from Star Wars
Threat Modeling Lessons from Star Wars
 
A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013 A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrich
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
Evolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIsEvolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIs
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
 
Planning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesPlanning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security Defenses
 
Setup Your Personal Malware Lab
Setup Your Personal Malware LabSetup Your Personal Malware Lab
Setup Your Personal Malware Lab
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed
 
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
 

Similar to Continuous Security - NDC Sydney 2017

Laura Bell (SafeStack)
Laura Bell (SafeStack)Laura Bell (SafeStack)
Laura Bell (SafeStack)
AgileNZ Conference
 
The Principles of Secure Development - David Rook
The Principles of Secure Development - David RookThe Principles of Secure Development - David Rook
The Principles of Secure Development - David Rook
Security B-Sides
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment Services
Chris Nickerson
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
SeniorStoryteller
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work together
Wendy Knox Everette
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
Cybersecurity career options & Getting started
Cybersecurity career options & Getting started Cybersecurity career options & Getting started
Cybersecurity career options & Getting started
Balaji Rajasekaran
 
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
Izar Tarandach
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareLeigh Honeywell
 
The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009
Security Ninja
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
baoyin
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Mark Simos
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
Threat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutThreat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert Hurlbut
DevSecCon
 
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
Vladimir Kochetkov
 
Securing the “Weakest Link”
Securing the “Weakest Link”Securing the “Weakest Link”
Securing the “Weakest Link”
Priyanka Aash
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
Chris Gates
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMarco Morana
 
STRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat ModellingSTRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat Modelling
Mohammad Febri
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress Site
Chris Burgess
 

Similar to Continuous Security - NDC Sydney 2017 (20)

Laura Bell (SafeStack)
Laura Bell (SafeStack)Laura Bell (SafeStack)
Laura Bell (SafeStack)
 
The Principles of Secure Development - David Rook
The Principles of Secure Development - David RookThe Principles of Secure Development - David Rook
The Principles of Secure Development - David Rook
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment Services
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work together
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Cybersecurity career options & Getting started
Cybersecurity career options & Getting started Cybersecurity career options & Getting started
Cybersecurity career options & Getting started
 
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure software
 
The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
 
Threat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutThreat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert Hurlbut
 
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
 
Securing the “Weakest Link”
Securing the “Weakest Link”Securing the “Weakest Link”
Securing the “Weakest Link”
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
STRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat ModellingSTRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat Modelling
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress Site
 

Recently uploaded

0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
OWASP Beja
 
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdfSupercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Access Innovations, Inc.
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Orkestra
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Sebastiano Panichella
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
Vladimir Samoylov
 
María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024
eCommerce Institute
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
Sebastiano Panichella
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
Access Innovations, Inc.
 
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
khadija278284
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
Howard Spence
 
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
OECD Directorate for Financial and Enterprise Affairs
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
Faculty of Medicine And Health Sciences
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Sebastiano Panichella
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Matjaž Lipuš
 
Media as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern EraMedia as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern Era
faizulhassanfaiz1670
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
IP ServerOne
 

Recently uploaded (16)

0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
 
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdfSupercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
 
María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024María Carolina Martínez - eCommerce Day Colombia 2024
María Carolina Martínez - eCommerce Day Colombia 2024
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
 
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
 
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
 
Media as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern EraMedia as a Mind Controlling Strategy In Old and Modern Era
Media as a Mind Controlling Strategy In Old and Modern Era
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
 

Continuous Security - NDC Sydney 2017