
Security

Cyber Security, IT Security, Software Security

Humans Can't Be Trusted

  • Super intelligent robots haven't taken over yet
  • Humans are the weakest link in any system
  • We need to protect our systems from ourselves

Effective Security Culture

  • Security belongs to EVERYONE
  • Security is not just a department, team, or a buzzword
  • Security is part of: design, programming, testing, operations, management, users

Effective Security Culture P2

  • Security is active and continuous, not a one-time event
  • Security is a documented part of your organization, team, and process
  • Your security processes are routinely updated by frequent audits

Awareness is Key

  • You must be ever vigilant!
  • You have to keep up to date with:
    • Documented vulnerabilities in your dependencies (maven, npm)
    • Software and OS updates
    • Your system status by monitoring logs

Vulnerabilities

  • OWASP Top 10
  • Injection
  • Impersonating a different user/role
  • Accessing data without being authorized (avoiding login)
  • Causing errors to expose data/server info

Vulnerabilities P2

  • Old versions of software/dependencies that have known exploits
  • Infiltrating the network/server
    • Open ports
    • Not behind a firewall
    • Exploiting default security settings
    • Compromised software on the server

Secure Traits

  • Culture that emphasizes, implements, and updates its security processes
  • Code scanning tools (active and static tools)
  • Software update plans/schedules (avoid unsupported versions)
  • Safer programming practices
  • Safer server and network configurations
  • Organization/users informed of and following security measures
  • Verification by an outside organization

Security is a Struggle

  • It only takes one weakness, one misstep to have an incident
  • For example, your application is only as secure as the weakest password in your organization... P@ssw0rd1234567890
  • Stay up to date, follow industry guidelines, and implement them as a team
  • HOORAY Security!
