class: center, middle

# Security

#### Cyber Security, IT Security, Software Security

---

## Humans Can't Be Trusted

--

- Super intelligent robots haven't taken over yet

--

- Humans are the weakest link in any system

--

- We need to protect our systems from ourselves

---

## Effective Security Culture

--

- Security belongs to **EVERYONE**

--

- Security is **not** just a department, team, or a buzzword

--

- Security is **part of**: design, programming, testing, operations, management, users

---

## Effective Security Culture P2

--

- Security is **active** and **continuous**, not a one-time event

--

- Security is a **documented** part of your organization, team, process

--

- Your security processes are **routinely updated** by frequent audits

---

## Awareness is Key

--

- You must be ever vigilant!

--

- You have to keep up to date with:

--

  - Documented vulnerabilities in your dependencies (maven, npm)

--

  - Software and OS updates

--

  - Your system status by monitoring logs

---

## Vulnerabilities

--

- [OWASP Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

--

- Injection

--

- Impersonating a different user/role

--

- Accessing data without being authorized (avoiding login)

--

- Causing errors to expose data/server info

---

## Vulnerabilities P2

--

- Old versions of software/dependencies that have **known exploits**

--

- Infiltrating the network/server

--

  - Open ports

--

  - Not behind firewall

--

  - Exploiting default security settings

--

  - Compromised software on the server

---

## Secure Traits

--

- Culture that **emphasizes**, **implements**, and **updates** its security processes

--

- Code **scanning tools** (active and static tools)

--

- Software **update** plans/schedules (avoid unsupported versions)

--

- Safer programming **practices**

--

- Safer server and network **configurations**

--

- Organization/users **informed** of and **following** security measures

--

- Verification by an **outside** organization

---

## Security is a Struggle

--

- It only takes one weakness, one misstep to have an incident

--

- For example, your application is only as secure as the weakest password in your organization... P@ssw0rd1234567890

--

- Stay up to date, follow industry guidelines, and implement them as a team

--

- HOORAY Security!
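---

## Injection: Vulnerable vs. Hardened

The "Injection" and "Accessing data without being authorized (avoiding login)" items on the Vulnerabilities slide, shown as an added example that is not part of the original deck. It uses Python's standard `sqlite3` module with a constructed in-memory `users` table and a hypothetical account (`alice`); the column names, the function names and the sample data are all assumptions made for this illustration. The first login function pastes user input into the SQL text, so a crafted value changes the query's structure and the login check is bypassed; the second sends the values as bound parameters, so the same input is only ever compared as data.

```python
import sqlite3

# Constructed sample data (not from the slides): a hypothetical account so
# the queries have something to match against. Passwords are stored in
# plaintext here purely to keep the injection point easy to see; a real
# system stores a salted password hash instead.
SAMPLE_USERS = [("alice", "correct horse battery staple")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: user input is interpolated into the SQL text,
    so the input can alter the WHERE clause instead of being compared to it."""
    query = (
        "SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: a parameterized query. The SQL text is fixed and the values
    travel separately as bound parameters, so they are never parsed as SQL."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run both login functions against good, bad and malformed input and
    return the outcomes so they can be compared side by side."""
    conn = make_db()
    # The classic textbook input that turns the WHERE clause into
    # "... AND password = '' OR '1'='1'", which is always true.
    malformed = "' OR '1'='1"
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "vulnerable_wrong": login_vulnerable(conn, "alice", "nope"),
        "vulnerable_malformed": login_vulnerable(conn, "alice", malformed),
        "safe_valid": login_safe(conn, "alice", "correct horse battery staple"),
        "safe_wrong": login_safe(conn, "alice", "nope"),
        "safe_malformed": login_safe(conn, "alice", malformed),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} -> {result}")
```

Running the block shows `vulnerable_malformed` as `True` (the login check is bypassed) while `safe_malformed` is `False` (the quote-laden string is simply a password that does not match). The fix is not input filtering but keeping SQL text and data separate, which is what every database driver's parameter binding does; the same principle applies to the other injection flavours OWASP lists (OS commands, LDAP, XML), where the equivalent is an API that takes arguments as a list rather than a string to be parsed.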