Snyk
Web Security for Developers
Snyk: So Now You Know
• Developer Oriented Web Security Tools
• Application Security Monitoring & Prevention
• Based on code instrumentation & machine learning
• Product per threat: 3rd party, AppSec, privacy…
• “New Relic for Security”
Developers Must & Will Own Security
• Coders outnumber security people by est. 50-100x
• In many cases (esp. small companies) security teams do not exist at all
• Security tools/vendors extremely not dev friendly
• Compare any Dev/Ops Tools companies to Security Tools companies…
• Security tools operate outside the app
• Whitelist policies are so hard to maintain they’re oft unused or too open
• Insight based on perimeter (e.g. HTTP, logs), app logic reverse-engineered
Why Now
• Problem Is Getting Worse
  • Dev velocity is increasing, making security audit “gates” not viable
  • Infra/Host Security is now owned by dev/ops, and is poorly handled
  • Unchecked Third Party code & domains account for >90% of application
• Developers are ready to take on Security
  • Increasingly writing Operable Software (via DevOps)
  • Security increasingly discussed in dev forums
  • Increasingly empowered to drive decisions (“The New Kingmakers”)
Snyk: Developer Oriented Security Tools Company
• Modeled after Dev-Friendly companies
• New Relic, Github, Heroku, PagerDuty, Travis CI, Fastly…
• Marketing → Dev Relations & Community Participation
• Sales Team → “Pull” Model (self-serve try, use, buy)
• Security Events → Developer Events
• High Entry Price → Free & Scaling Prices
Third Party Code: A Massive Security Problem
• Most of the code in today’s web apps is 3rd party
• Backend Modules, Front-end domains, Underlying host software…
• Third Party Code is vulnerable too & often not tested
• Only 41% of reported vulns in open source are fixed, MTTR is 390 days
• Inventorying modules is hard; auditing is infeasible
• 3P domains are loaded dynamically, never tracked
• And may be vulnerable, or malicious (e.g. malvertisements)
Founders
• Guy Podjarny
Cyber work in Israel @ IDF (8200); Developed first WAF (AppShield) @Sanctum; created
& led market leading DAST & SAST tools (AppScan) as Chief architect @Watchfire (sold
to IBM); Founded Web Perf startup Blaze; sold to Akamai; CTO @Akamai for 3 years;
~18 patents in Security & Performance; Known speaker/blogger; Startup Investor/advisor
• Danny Grander
CTO & Security Research Manager at Gita (acquired by Verint), a government/military
cyber vendor; Lead dev in Collactive (social ranking startup) & Skybox (Security tools
startup); Cyber work @ IDF (8200).
• Assaf Hefetz
Led innovation group at Supercom, a digital identity company, including tech side of M&A
activity; Researcher & developer in Skycure, a mobile security company; 6 years of Cyber
work at Israeli Prime Minister Office (PMO); Completed his Computer Science degree at
the age of 18.
Market Size
• Markets
  • Web Security: $2.5B, 5.7% CAGR
  • SaaS portion: $600M, 10.8% CAGR
  • App Vuln Assessment: $838M, 16.6% CAGR
  • Automated SW Quality: $1B, 14.9% CAGR
• Comparable Companies Valuations
  • APM: New Relic: $1.6B, AppDynamics >$1B
  • WAF: Imperva: $2.1B
Source: IDC, 2018 Predictions
