
Signal Sciences

  • Practical Tips For Defending Web Applications In The Age Of DevOps
    Zane Lackey, Founder and Chief Security Officer, Signal Sciences. Recorded: Aug 10 2017, 56 mins
    This encore of Zane Lackey's Black Hat presentation covers the most effective application security techniques, helping you avoid development bottlenecks while staying secure.

    The standard approach for web application security over the last decade and beyond has focused heavily on slow gatekeeping controls like static analysis and dynamic scanning. However, these controls were originally designed in a world of Waterfall development, and their heavyweight nature often causes more problems than it solves in today's world of agile, DevOps, and CI/CD.

    This talk will share practical lessons learned at Etsy on the most effective application security techniques in today's increasingly rapid world of application creation and delivery. Specifically, it will cover how to:

    * Adapt traditionally heavyweight controls like static analysis and dynamic scanning to lightweight efforts that work in modern development and deployment practices
    * Obtain visibility to enable, rather than hinder, development and DevOps teams' ability to iterate quickly
    * Measure the maturity of your organization's security efforts in a non-theoretical way
  • Twubhubbook - It’s Like An AppSec Program, But For Startups
    Neil Matatall, Senior Security Engineer, GitHub. Recorded: Mar 1 2017, 57 mins
    It’s 2025. Many of the problems in appsec have mitigations, maybe even solutions. The value of an appsec program is widely accepted as a requirement for any successful company. Yet XSS and other common vulnerabilities are still occupying the time of many engineering teams. Twubhubbook, a fictitious startup from the future, has the benefit of being a new startup: it’s mostly a blank-slate situation. This is the story of how Twubhubbook rolled out their program without skipping a beat or breaking the bank. The purpose of this imaginary story is to provide practical advice that you can take to a current or future startup (sorry, enterprise people) based on the successes and failures of today’s startups.
  • Dangers of DevOps Monotheism
    Jim Manico, Founder, Manicode Security. Recorded: Oct 27 2016, 33 mins
    The DevOps gods rule the AppSec universe. However, like any form of human worship of divine entities, that worship is often flawed due to the limits of man compared to the perfection of divinity. This was first noted by Plato during his discussion of Platonic Forms, one of the fundamental concepts that drove the philosophy behind western religion and divinity. While acknowledging many of the great things that DevOps has brought to software development and application security, there are giant pitfalls for those who put all of their faith in this man-made construct. This talk will focus on the many challenges DevOps worshipers and implementors will face, and what you can do to prepare for and convert those gaps into opportunities for excellence and a piece of divinity in this human existence. You may even learn a tiny bit about philosophy along the way.