Welcome
"In the wake of the Heartbleed bug and a
number of other high profile security related
failures, we revisit the idea of making sure
we’re ahead of the game, secure from the start"
Secure from the Start
The changing landscape
Kieran O'Shea
kieran@kieranoshea.com • @kieranoshea • http://www.kieranoshea.com/
Overview
• Motivations for this session
• Analysis of recent high profile issues
• Types of attack vectors
• Mitigation; config, tools, plugins & more
• Questions
Recent issues - Heartbleed
• An OpenSSL vulnerability (CVE-2014-0160) in the TLS heartbeat extension
• Heartbeat reply leaks server memory: the declared payload length was never checked against what was actually received, so up to 64 KB of adjacent process memory came back per request
• Data acquired (private keys, session cookies, passwords) compromises security
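The length-check failure behind Heartbleed, modelled in Python as an added example (not code from the talk or from OpenSSL). The "ping" payload and the neighbouring cookie string are constructed, and a bytes object stands in for the process heap; in the real bug the over-read happened in C, but the effect is the same: the reply copies out whatever sits next to the request.

```python
"""The Heartbleed over-read (CVE-2014-0160), modelled on the RFC 6520 heartbeat format.

A heartbeat message is: type (1 byte) | payload_length (2 bytes, big-endian) |
payload | padding (at least 16 bytes). OpenSSL 1.0.1 to 1.0.1f copied
payload_length bytes into the reply without checking that the record actually
contained that many, so the reply carried whatever lay beyond the request in
process memory. 1.0.1g added the bounds check shown in fixed_heartbeat_reply.
"""
import struct
from typing import Optional, Tuple

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16
HEADER_LEN = 3  # 1-byte type + 2-byte length


def build_heartbeat(payload: bytes, claimed_length: Optional[int] = None) -> bytes:
    """Build a heartbeat request. claimed_length lets an attacker lie about the payload size."""
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * PADDING_LEN


def vulnerable_heartbeat_reply(memory: bytes, record_length: int) -> bytes:
    """Pre-1.0.1g behaviour: trust the declared length; record_length is never consulted."""
    _msg_type, payload_length = struct.unpack("!BH", memory[:HEADER_LEN])
    payload = memory[HEADER_LEN:HEADER_LEN + payload_length]  # runs past the record into its neighbours
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length) + payload


def fixed_heartbeat_reply(memory: bytes, record_length: int) -> Optional[bytes]:
    """1.0.1g behaviour: header + declared payload + minimum padding must fit inside the record."""
    if record_length < HEADER_LEN + PADDING_LEN:
        return None
    _msg_type, payload_length = struct.unpack("!BH", memory[:HEADER_LEN])
    if HEADER_LEN + payload_length + PADDING_LEN > record_length:
        return None  # RFC 6520 section 4: silently discard malformed heartbeats
    payload = memory[HEADER_LEN:HEADER_LEN + payload_length]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length) + payload


# Constructed stand-in for the server heap: the received record followed by data that
# merely happens to be adjacent (here a fake WordPress login cookie from another session).
NEIGHBOUR = b"Cookie: wordpress_logged_in=admin%7C1399999999%7Cdeadbeef; path=/"


def demo(claimed_length: int) -> Tuple[bytes, Optional[bytes]]:
    """Send one heartbeat with the given declared length; return (vulnerable reply, fixed reply)."""
    request = build_heartbeat(b"ping", claimed_length=claimed_length)
    heap = request + NEIGHBOUR
    return (vulnerable_heartbeat_reply(heap, len(request)),
            fixed_heartbeat_reply(heap, len(request)))
```

With an honest length (4) both versions echo "ping"; with a declared length of 60 the vulnerable version returns the padding and 40 bytes of the neighbouring cookie, while the fixed version discards the request. Patching alone does not undo what was already read, which is why the fallout included re-keying and credential resets.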
Recent issues - Heartbleed
• Fallout: any private key, session or password that passed through a vulnerable server's memory had to be treated as exposed
• Recovery: patch OpenSSL first, then generate new keys, reissue and revoke certificates, and reset credentials (re-keying before patching just exposes the new key)
Recent issues - Ransomware
(Image: Realintogive/Wikimedia Commons)
• Essentially blackmail: your files are encrypted or your machine locked, and payment is demanded to undo it
• Takes different forms (screen lockers, file encrypters)
• Difficult to recover from: without a backup the attacker does not control, the choice is paying or losing the data
• Infection rates uncertain
• Millions made by criminals
Recent issues – Back doors
Recent issues - Social Engineering
• Should be considered a back door: it routes around the password entirely
• Password resets: whoever controls the reset e-mail address controls the account
• Security questions: the answers are often public or guessable
• "Single Sign On": one compromised identity unlocks every service that trusts it
Recent issues - Obscurity
• When is security no security at all?
• When my hotel reservation is
  www.somehotel.com/reservation/12345
• So the previous customer's must be...
  www.somehotel.com/reservation/12344
• A sequential identifier with no login and no ownership check is not access control: every other customer's booking is one decrement away
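The hotel pattern beside a corrected version, as an added example that is not from the talk or any real booking system. The reservation rows, account names and hostname are constructed; the fix is two-fold, and the order matters: check that the logged-in caller owns the booking, and only then worry about making the identifier unguessable.

```python
"""Sequential, unauthenticated identifiers versus real access control.

Two toy reservation lookups over the same constructed data. InsecureReservations
reproduces the hotel site: whatever number is in the URL is the booking you get.
Reservations ties each booking to an account, refuses anything the caller does
not own, and publishes an unguessable token instead of the row number so the
neighbouring booking cannot be found by decrementing.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional


@dataclass
class Reservation:
    row_id: int                  # database primary key: sequential, never shown to users
    owner: str                   # account that made the booking
    guest_name: str
    public_token: str = field(default_factory=lambda: secrets.token_urlsafe(16))


class InsecureReservations:
    """The pattern on the slide: /reservation/<row_id>, no session, no ownership check."""

    def __init__(self, rows: Iterable[Reservation]):
        self._by_id = {r.row_id: r for r in rows}

    def view(self, path: str) -> Optional[Reservation]:
        return self._by_id.get(int(path.rsplit("/", 1)[1]))


class Reservations:
    """Authorisation first, unguessable identifier second."""

    def __init__(self, rows: Iterable[Reservation]):
        self._by_token: Dict[str, Reservation] = {r.public_token: r for r in rows}

    def url_for(self, r: Reservation) -> str:
        return f"https://www.somehotel.com/reservation/{r.public_token}"

    def view(self, path: str, session_user: Optional[str]) -> Optional[Reservation]:
        if session_user is None:
            return None                               # not logged in: nothing to show
        r = self._by_token.get(path.rsplit("/", 1)[1])
        if r is None or r.owner != session_user:
            return None                               # same answer whether missing or someone else's
        return r


# Constructed data: the speaker's booking and the previous customer's.
ROWS = [Reservation(12344, "alice", "A. Customer"), Reservation(12345, "kieran", "K. O'Shea")]
INSECURE = InsecureReservations(ROWS)
SECURE = Reservations(ROWS)
```

The random token only stops enumeration; it is not a substitute for the ownership check, because a token is a capability and capability URLs leak through logs, referrers, browser history and shared links. That is also why such links must only ever travel over TLS.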
Attack Vectors - Passwords
• Exploitation of simple passwords
• Re-use of stolen credentials: a breach on one site becomes a working login on another
• Brute force
Is this your password?
Attack Vectors - Social Engineering
• Probably our weakest link
• Guessable info overrides passwords: a reset flow that accepts public facts bypasses the strongest password
• Privileged users exploited
Attack Vectors - External Applications
• Shared use servers amplify risk: a compromised neighbouring tenant is already on your box
• Exploiting the file system (readable configs, writable web roots)
• Taking advantage of firewall rules: trust granted to the shared host's address is granted to every tenant on it
• Piggy backing off API connectivity
Attack Vectors - Rogue Code
• Does your theme footer look like this? Unfamiliar, obfuscated code in theme files is the classic sign of an injection
• When hackers get control
• When hackers really get control
Mitigation - Passwords
• Secure passwords, auto generated
• Avoid re-use between systems
• Employ secure password storage: a password manager
• Complex & differing passwords become easier once the manager remembers them
• A variety of services exist, paid & free
• Single, secure master password: the one you still have to remember, so make it long
Mitigation - Two Factor Authentication
• Something you have, something you know
• A variety of implementations
  • Finger prints (strictly a third category: something you are)
  • Smart cards
  • Text messages (the weakest option here: SMS can be intercepted or redirected by SIM swap)
  • Paper based grids
• Good degree of separation required: the second factor must not live on, or be recoverable from, the device or account that holds the first
• Extend to multi-factor authentication
Mitigation - One Time Passwords
• Reduces consequences of interception: a captured code is worthless once used or expired
• Remote verification of token (e.g. YubiKey OTPs validated against Yubico's servers)
• Also provides two factor authentication
• Support for independent infrastructure: run your own validation server rather than depend on a third party
Mitigation - SSL
• Protects data in transit
• Consider what constitutes "sensitive": login pages and admin sessions, not just payment forms
• Key & signed certificate
• Available for free
• Beware revocation costs
• Enhance security with forward secrecy (ephemeral key exchange, so a stolen server key cannot decrypt previously recorded traffic)
• Remember client security too
  • VPN
  • S/MIME
• Don't settle for plain text
Mitigation - External Applications
• Minimise server sharing, VPS preferable
• If sharing, protect users from users
• Don't chmod 777: world-writable files and directories let any other tenant, or any compromised process, rewrite your code
• Sand box your code, e.g. suPHP (PHP runs as the site owner rather than as the shared web server user, so file permissions actually mean something)
• Keep an eye on key file changes
• Consider onward security of allowed IPs: an address you allow-list is only as trustworthy as every host and tenant behind it
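Baseline-and-compare file monitoring with a world-writable check, the same idea as the file monitor plugin recommended later on this page but written here as an added example rather than taken from that plugin or the talk. The web root, theme files and "attacker" edits are constructed in a temporary directory so it runs anywhere; the paths and contents are illustrative only.

```python
"""Baseline-and-compare file monitoring for a web root, plus a chmod 777 check.

Records a SHA-256 per file, then on the next run reports added, removed and
modified files and anything world-writable. The sample tree is built in a
temporary directory so the example is self-contained.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List


def snapshot(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 of contents, for every regular file under root."""
    result: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            result[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare two snapshots; a changed hash means the content changed, whatever the mtime says."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def world_writable(root: Path) -> List[str]:
    """Files and directories any local user could write to (the o+w bit, as in chmod 777)."""
    found = []
    for path in sorted(root.rglob("*")):
        if not path.is_symlink() and path.stat().st_mode & stat.S_IWOTH:
            found.append(path.relative_to(root).as_posix())
    return found


def demo() -> Dict[str, List[str]]:
    """Build a constructed WordPress-like tree, baseline it, tamper with it, report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        theme = root / "wp-content" / "themes" / "mytheme"
        theme.mkdir(parents=True)
        footer = theme / "footer.php"
        footer.write_text("<?php wp_footer(); ?>\n")
        (root / "wp-config.php").write_text("<?php define('DB_PASSWORD', 'example'); ?>\n")
        baseline = snapshot(root)

        # What an intruder with write access typically does: append to the theme
        # footer, drop a new PHP file, and loosen permissions so it stays writable.
        with footer.open("a") as fh:
            fh.write("<?php /* injected loader would be here */ ?>\n")
        uploads = root / "wp-content" / "uploads"
        uploads.mkdir()
        (uploads / "unexpected.php").write_text("<?php /* dropped file */ ?>\n")
        os.chmod(uploads, 0o777)

        report = diff_snapshots(baseline, snapshot(root))
        report["world_writable"] = world_writable(root)
        return report
```

Two caveats for real use: keep the baseline (and the tool) off the monitored host, otherwise whoever can edit footer.php can edit the baseline to match; and a detection like this tells you something changed, not whether the change was yours, so pair it with a deploy process that makes legitimate changes predictable.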
Mitigation - Plugins
• Two factor authentication (OTP)
  ✔ "YubiKey Plugin" (Henrik Schack)
• Modifications to files
  ✔ "WordPress File Monitor Plus" (Scott Cariss)
• Login attempts
  ✔ "Limit Login Attempts" (Johan Eenfeldt)
• Action logging
  ✔ "Audit Trail" (John Godley)
• More involved auditing
  ✔ "The Auditor" (interconnect/it)
Mitigation – Configuration
• Lock down powerful interfaces
• Work with minimum usable privileges
• Reduce brute force with fail2ban
• Block access at an IP level
• Maintain access by using a VPN, so the allow-list can be one fixed range rather than every home and mobile address

# Define specific rules for the blog admin panel
# Apache 2.2 syntax; on Apache 2.4 replace the three Order/Deny/Allow lines with:
#   Require ip 95.172.226.96/27
# Note: wp-login.php sits outside wp-admin and needs its own rule, and some front-end
# features call wp-admin/admin-ajax.php, which this block also denies to the public.
<Directory /home/kieran/public_html/wp-admin>
    Order Deny,Allow
    Deny from all
    Allow from 95.172.226.96/27
</Directory>
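The counting that fail2ban and "Limit Login Attempts" both do, shown as an added example that is not taken from either tool or from the talk. The log lines are constructed Apache combined-log entries; the failed-login signature (a 200 on a POST to wp-login.php, because WordPress re-renders the form on a bad password, versus a 302 on success) is an assumption that holds for a stock install and may not for every theme or plugin. The maxretry/findtime/bantime names are fail2ban's; the logic is my own.

```python
"""fail2ban-style brute force detection over access log lines.

fail2ban's model: count failures per source IP inside a sliding window
(findtime); at maxretry failures, ban the IP for bantime. "Limit Login
Attempts" applies the same counting inside WordPress itself.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: one attacker (203.0.113.7) hammering the login form, one
# legitimate user (198.51.100.9) logging in successfully.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2014:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jul/2014:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2014:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2014:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2014:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2014:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2014:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
"""

Event = Tuple[str, datetime, str, str, int]


def parse_line(line: str) -> Optional[Event]:
    """Combined-log line -> (ip, timestamp, method, path, status), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def is_failed_login(method: str, path: str, status: int) -> bool:
    """Assumed signature of a failed WordPress login (see lead-in)."""
    return method == "POST" and path.split("?", 1)[0] == "/wp-login.php" and status == 200


class BruteForceJail:
    def __init__(self, maxretry: int = 5, findtime: int = 600, bantime: int = 3600):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.failures: Dict[str, Deque[datetime]] = defaultdict(deque)
        self.banned_until: Dict[str, datetime] = {}
        self.bans: List[Tuple[str, datetime]] = []

    def observe(self, ip: str, ts: datetime, method: str, path: str, status: int) -> bool:
        """Feed one request; return True if it should be dropped because ip is banned."""
        until = self.banned_until.get(ip)
        if until is not None:
            if ts < until:
                return True
            del self.banned_until[ip]                     # ban has expired
        if not is_failed_login(method, path, status):
            return False
        window = self.failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > self.findtime:
            window.popleft()                              # forget failures older than findtime
        if len(window) >= self.maxretry:
            self.banned_until[ip] = ts + timedelta(seconds=self.bantime)
            self.bans.append((ip, ts))
            window.clear()
        return False


def run(log_text: str, **jail_args) -> Tuple[List[Tuple[str, datetime]], List[Tuple[str, str]]]:
    """Replay a log; return (bans issued, requests that would have been dropped)."""
    jail = BruteForceJail(**jail_args)
    dropped = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and jail.observe(*event):
            dropped.append((event[0], event[1].isoformat()))
    return jail.bans, dropped
```

With the defaults the attacker is banned on the fifth failure and the next two requests (one second later and half an hour later) are dropped; with bantime=60 the half-hour-later attempt gets through and starts a fresh count, which is the trade-off between locking out attackers and locking out a user behind the same NAT. Per-IP counting is also blind to distributed attempts, so keep the password and second-factor controls above in place as well.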
Mitigation – Social engineering
• Don't populate "password hints"
• Don't use real "secret questions": treat the answer as a second password, generated and kept in the password manager
• Become aware of back doors
• Know the warning signs
• Power of notifications: a login or reset alert is often the first sign of compromise
• Avoid single points of failure
• Multiple backups, multiple services
• At least one backup offline: ransomware encrypts everything it can reach, including mounted backup drives
Questions?
Kieran O'Shea • kieran@kieranoshea.com
@kieranoshea • http://www.kieranoshea.com/
Remember, WordCamp tweets archived here:
https://wcuk.kieranoshea.com/tweets/
Mais conteúdo relacionado

Mais procurados

Fusker - A NodeJS Security Framework
Fusker - A NodeJS Security FrameworkFusker - A NodeJS Security Framework
Fusker - A NodeJS Security Frameworkwearefractal
 
Holistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsHolistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsMajor Hayden
 
Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Rahul
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAlienVault
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
 
Node JS reverse shell
Node JS reverse shellNode JS reverse shell
Node JS reverse shellMadhu Akula
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...Lacework
 
[Cisco Connect 2018 - Vietnam] Eric rennie sw cisco_connect
[Cisco Connect 2018 - Vietnam] Eric rennie  sw cisco_connect[Cisco Connect 2018 - Vietnam] Eric rennie  sw cisco_connect
[Cisco Connect 2018 - Vietnam] Eric rennie sw cisco_connectNur Shiqim Chok
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhAurélie Henriot
 
Hacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT FrameworkHacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT FrameworkPriyanka Aash
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod securityRomansh Yadav
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSAnant Shrivastava
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessAkeyless
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless
 
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework
 

Mais procurados (20)

Fusker - A NodeJS Security Framework
Fusker - A NodeJS Security FrameworkFusker - A NodeJS Security Framework
Fusker - A NodeJS Security Framework
 
Holistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsHolistic Security for OpenStack Clouds
Holistic Security for OpenStack Clouds
 
Implementing ossec
Implementing ossecImplementing ossec
Implementing ossec
 
Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Introduction to Mod security session April 2016
Introduction to Mod security session April 2016
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source Security
 
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To Us
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...
 
Node JS reverse shell
Node JS reverse shellNode JS reverse shell
Node JS reverse shell
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
 
[Cisco Connect 2018 - Vietnam] Eric rennie sw cisco_connect
[Cisco Connect 2018 - Vietnam] Eric rennie  sw cisco_connect[Cisco Connect 2018 - Vietnam] Eric rennie  sw cisco_connect
[Cisco Connect 2018 - Vietnam] Eric rennie sw cisco_connect
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo Wazuh
 
Custom Rules & Broken Tools
Custom Rules & Broken ToolsCustom Rules & Broken Tools
Custom Rules & Broken Tools
 
Hacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT FrameworkHacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT Framework
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time Access
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
 
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
 

Destaque

Custom to public
Custom to publicCustom to public
Custom to publicMetronet
 
Develop With Pleasure Deploy With Fun Glass Fish And Net Beans For A Better...
Develop With Pleasure  Deploy With Fun  Glass Fish And Net Beans For A Better...Develop With Pleasure  Deploy With Fun  Glass Fish And Net Beans For A Better...
Develop With Pleasure Deploy With Fun Glass Fish And Net Beans For A Better...railsconf
 
Interconnect IT's greatest mistakes (2011) WordCamp UK version
Interconnect IT's greatest mistakes (2011) WordCamp UK versionInterconnect IT's greatest mistakes (2011) WordCamp UK version
Interconnect IT's greatest mistakes (2011) WordCamp UK versionInterconnect IT
 
Semi-organised Barcamps and WordPress
Semi-organised Barcamps and WordPressSemi-organised Barcamps and WordPress
Semi-organised Barcamps and WordPresstonyscott
 
Turbo charged WordPress theme development - WordCamp Edinburgh 2012
Turbo charged WordPress theme development - WordCamp Edinburgh 2012Turbo charged WordPress theme development - WordCamp Edinburgh 2012
Turbo charged WordPress theme development - WordCamp Edinburgh 2012Jonny Allbut
 

Destaque (6)

Custom to public
Custom to publicCustom to public
Custom to public
 
Develop With Pleasure Deploy With Fun Glass Fish And Net Beans For A Better...
Develop With Pleasure  Deploy With Fun  Glass Fish And Net Beans For A Better...Develop With Pleasure  Deploy With Fun  Glass Fish And Net Beans For A Better...
Develop With Pleasure Deploy With Fun Glass Fish And Net Beans For A Better...
 
Interconnect IT's greatest mistakes (2011) WordCamp UK version
Interconnect IT's greatest mistakes (2011) WordCamp UK versionInterconnect IT's greatest mistakes (2011) WordCamp UK version
Interconnect IT's greatest mistakes (2011) WordCamp UK version
 
Semi-organised Barcamps and WordPress
Semi-organised Barcamps and WordPressSemi-organised Barcamps and WordPress
Semi-organised Barcamps and WordPress
 
Legacy to Latest
Legacy to LatestLegacy to Latest
Legacy to Latest
 
Turbo charged WordPress theme development - WordCamp Edinburgh 2012
Turbo charged WordPress theme development - WordCamp Edinburgh 2012Turbo charged WordPress theme development - WordCamp Edinburgh 2012
Turbo charged WordPress theme development - WordCamp Edinburgh 2012
 

Semelhante a Secure from the start : The changing landscape

Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Designjonmccoy
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0   FinalProtecting Your Key Asset – Data Protection Best Practices V2.0   Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalVinod Kumar
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Jim Manico
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia PotapenkoFwdays
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat RansomwareIvanti
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudRightScale
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified — Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified — Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteImperva Incapsula
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
Securing Your Data In The Cloud
Securing Your Data In The CloudSecuring Your Data In The Cloud
Securing Your Data In The CloudOmer Trajman
 
It's a Dangerous World
It's a Dangerous World It's a Dangerous World
It's a Dangerous World MongoDB
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure worldGianluca Sartori
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorDavid Perkins
 
Software Technical Design for Information Security: A short intro for Tech Le...
Software Technical Design for Information Security: A short intro for Tech Le...Software Technical Design for Information Security: A short intro for Tech Le...
Software Technical Design for Information Security: A short intro for Tech Le...Chris F Carroll
 

Semelhante a Secure from the start : The changing landscape (20)

Web Security
Web SecurityWeb Security
Web Security
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0   FinalProtecting Your Key Asset – Data Protection Best Practices V2.0   Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 
"EL ATAQUE INTERNO"
"EL ATAQUE INTERNO""EL ATAQUE INTERNO"
"EL ATAQUE INTERNO"
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat Ransomware
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified — Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified — Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
presentation
presentationpresentation
presentation
 
Securing Your Data In The Cloud
Securing Your Data In The CloudSecuring Your Data In The Cloud
Securing Your Data In The Cloud
 
It's a Dangerous World
It's a Dangerous World It's a Dangerous World
It's a Dangerous World
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your Favor
 
Software Technical Design for Information Security: A short intro for Tech Le...
Software Technical Design for Information Security: A short intro for Tech Le...Software Technical Design for Information Security: A short intro for Tech Le...
Software Technical Design for Information Security: A short intro for Tech Le...
 

Último

定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 

Último (20)

定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 

Secure from the start : The changing landscape

  • 1. Welcome
    "In the wake of the Heartbleed bug and a number of other high profile security related failures, we revisit the idea of making sure we're ahead of the game, secure from the start"
    Secure from the Start: The changing landscape
    Kieran O'Shea
    kieran@kieranoshea.com • @kieranoshea • http://www.kieranoshea.com/
  • 2. Overview
     Motivations for this session
     Analysis of recent high profile issues
     Types of attack vectors
     Mitigation; config, tools, plugins & more
     Questions
  • 3. Recent issues - Heartbleed
     An OpenSSL exploit
     Heartbeat reply leaks data in memory
     Data acquired compromises security
  • 4. Recent issues - Heartbleed
  • 5. Recent issues - Heartbleed
  • 6. Recent issues - Heartbleed
     Fallout
     Recovery
  • 7. Recent issues - Ransomware
    Realintogive/Wikimedia Commons
  • 8. Recent issues - Ransomware
     Essentially blackmail
     Takes different forms
     Difficult to recover from
     Infection rates uncertain
     Millions made by criminals
  • 9. Recent issues - Back doors
  • 10. Recent issues - Back doors
  • 11. Recent issues - Social Engineering
     Should be considered a back door
     Password resets
     Security questions
     "Single Sign On"
  • 12. Recent issues - Obscurity
     When is security no security at all?
     When my hotel reservation is www.somehotel.com/reservation/12345
     So the previous customer's must be... www.somehotel.com/reservation/12344
  • 13. Attack Vectors - Passwords
     Exploitation of simple passwords
     Re-use of stolen credentials
     Brute force
    Is this your password?
  • 14. Attack Vectors - Social Engineering
     Probably our weakest link
     Guessable info overrides passwords
     Privileged users exploited
  • 15. Attack Vectors - External Applications
     Shared use servers amplify risk
     Exploiting the file system
     Taking advantage of firewall rules
     Piggybacking off API connectivity
  • 16. Attack Vectors - Rogue Code
     Does your theme footer look like this?
  • 17. Attack Vectors - Rogue Code
     When hackers get control
  • 18. Attack Vectors - Rogue Code
     When hackers really get control
  • 19. Mitigation - Passwords
     Secure passwords, auto generated
     Avoid re-use between systems
  • 20. Mitigation - Passwords
     Employ secure password storage
     Complex & differing passwords easier
     A variety of services exist, paid & free
    Single, secure, master password
  • 21. Mitigation - Two Factor Authentication
     Something you have, something you know
     A variety of implementations
       Fingerprints
       Smart cards
       Text messages
       Paper based grids
     Good degree of separation required
     Extend to multi-factor authentication
  • 22. Mitigation - One Time Passwords
     Reduces consequences of interception
     Remote verification of token
     Also provides two factor authentication
     Support for independent infrastructure
  • 23. Mitigation - SSL
     Protects data in transit
     Consider what constitutes "sensitive"
     Key & signed certificate
       Available for free
       Beware revocation costs
     Enhance security with forward secrecy
     Remember client security too
       VPN
       S/MIME
    Don't settle for plain text
  • 24. Mitigation - External Applications
     Minimise server sharing, VPS preferable
     If sharing, protect users from users
     Don't chmod 777
     Sandbox your code, e.g. suPHP
     Keep an eye on key file changes
     Consider onward security of allowed IPs
  • 25. Mitigation - Plugins
     Two factor authentication (OTP) ✔ "YubiKey Plugin" (Henrik Schack)
     Modifications to files ✔ "WordPress File Monitor Plus" (Scott Cariss)
     Login attempts ✔ "Limit Login Attempts" (Johan Eenfeldt)
     Action logging ✔ "Audit Trail" (John Godley)
     More involved auditing ✔ "The Auditor" (interconnect/it)
  • 26. Mitigation - Configuration
     Lock down powerful interfaces
     Work with minimum usable privileges
     Reduce brute force with fail2ban
     Block access at an IP level
     Maintain access by using a VPN
      # Define specific rules for the blog admin panel
      <Directory /home/kieran/public_html/wp-admin>
          Order Deny,Allow
          Deny from all
          Allow from 95.172.226.96/27
      </Directory>
  • 27. Mitigation - Social engineering
     Don't populate "password hints"
     Don't use real "secret questions"
     Become aware of back doors
       Know the warning signs
       Power of notifications
     Avoid single points of failure
       Multiple backups, multiple services
       At least one backup offline
  • 28. Questions?
    Kieran O'Shea • kieran@kieranoshea.com
    @kieranoshea • http://www.kieranoshea.com/
    Remember, WordCamp tweets archived here: https://wcuk.kieranoshea.com/tweets/
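Slide 12's sequential reservation URLs are the textbook case of relying on obscurity instead of an authorisation check. The Python block below is an added example written for this page, not code from the talk or from any hotel system: it puts the slide's insecure sequential lookup beside a version that issues an unguessable reference and still checks that the requesting customer owns the booking. The customer names, room numbers and the `ReservationStore` class are constructed for the illustration; `somehotel.com` is the slide's own placeholder.

```python
"""Sequential reservation references (slide 12) versus an ownership check.

Added example, not from the talk. Customers, rooms and reservation numbers
are constructed sample data; 12344 and 12345 are the numbers on the slide.
"""
import secrets

# Constructed sample data: two customers, two bookings, sequential ids.
RESERVATIONS = {
    12344: {"customer": "alice", "room": 101},
    12345: {"customer": "bob", "room": 102},
}


def lookup_by_sequential_id(res_id):
    """The pattern the slide criticises: the only 'check' is that the
    number exists, so knowing 12345 is as good as knowing 12344."""
    return RESERVATIONS.get(res_id)


class ReservationStore:
    """Hardened form: an unguessable reference AND an ownership check.
    The reference stops enumeration; the ownership check is the control."""

    def __init__(self):
        self._by_ref = {}

    def create(self, customer, room):
        # 128 bits from the OS CSPRNG; the reference carries no order at all.
        ref = secrets.token_urlsafe(16)
        self._by_ref[ref] = {"customer": customer, "room": room}
        return ref

    def get(self, ref, requesting_customer):
        """Return the booking only to its owner. A wrong owner and an unknown
        reference both yield None, so a probe cannot tell them apart."""
        rec = self._by_ref.get(ref)
        if rec is None or rec["customer"] != requesting_customer:
            return None
        return rec


def demo_reservations():
    """Exercise both lookups and return the observations as a dict."""
    store = ReservationStore()
    alice_ref = store.create("alice", 101)
    bob_ref = store.create("bob", 102)
    return {
        # Neighbouring id is readable with no authorisation at all.
        "insecure_neighbour": lookup_by_sequential_id(12344),
        "owner_ok": store.get(alice_ref, "alice") is not None,
        "cross_customer": store.get(alice_ref, "bob"),
        "unknown_ref": store.get("not-a-reference", "alice"),
        "refs_differ": alice_ref != bob_ref,
    }


if __name__ == "__main__":
    print(demo_reservations())
```

The random reference on its own would still be obscurity, only harder obscurity; what actually closes the slide's hole is `get()` refusing to return another customer's booking even when the caller presents a valid reference.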
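Slide 24's "keep an eye on key file changes" and "don't chmod 777", together with the file-monitor plugin on slide 25, come down to a baseline of file hashes and permissions compared against the live tree. This Python block is an added example, not the code of WordPress File Monitor Plus; the site tree it scans is constructed in a temporary directory, with a footer edit, a dropped file and a 777 config file simulated, so the reported differences are known in advance. The function names `snapshot`, `diff_snapshots` and `world_writable` are chosen here.

```python
"""Baseline-and-compare file monitoring (slides 24 and 25) plus a check for
world-writable files (the "don't chmod 777" bullet).

Added example, not the WordPress File Monitor Plus plugin. The sample site
tree is constructed in a temporary directory so the block runs anywhere.
"""
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map relative path -> (sha256 hex, permission bits) for every regular
    file under root. Symlinks are skipped rather than followed."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            result[os.path.relpath(full, root)] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return result


def diff_snapshots(baseline, current):
    """What a monitor alerts on: files added, removed, or changed in content
    or permissions since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def world_writable(snap):
    """Files any other local user on a shared server could edit (slide 24)."""
    return sorted(p for p, (_digest, mode) in snap.items() if mode & stat.S_IWOTH)


def _write(path, text):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o644)  # fixed mode so the result does not depend on umask


def demo_monitor():
    """Build a constructed site tree, take a baseline, simulate the kind of
    changes a compromise leaves behind, and report them."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "mytheme")
        os.makedirs(theme)
        config = os.path.join(root, "wp-config.php")
        footer = os.path.join(theme, "footer.php")
        _write(config, "<?php define('DB_NAME', 'example'); // constructed\n")
        _write(footer, "<?php wp_footer(); ?>\n")
        baseline = snapshot(root)

        # Simulated changes: footer edited (slide 16), a new file dropped,
        # and the config file made world-writable.
        with open(footer, "a") as fh:
            fh.write("<!-- constructed: unexpected addition -->\n")
        _write(os.path.join(root, "wp-content", "dropped.php"),
               "<?php // constructed: file that was not in the baseline\n")
        os.chmod(config, 0o777)
        current = snapshot(root)

        return {"diff": diff_snapshots(baseline, current),
                "world_writable": world_writable(current)}


if __name__ == "__main__":
    print(demo_monitor())
```

In practice the baseline is taken right after a clean install or update and stored somewhere the web server user cannot write, otherwise whoever edits the footer can edit the baseline too.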
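Slide 13 lists brute force among the password attacks, and slides 25 and 26 answer it with Limit Login Attempts and fail2ban. The Python block below is an added example, not fail2ban's or the plugin's code: it applies fail2ban's two knobs (`maxretry` failures inside `findtime`) to a handful of constructed Apache access-log lines. It assumes the usual WordPress behaviour that a failed POST to /wp-login.php re-renders the form with status 200 while a successful login redirects with 302; the IP addresses are documentation ranges and the timestamps are made up.

```python
"""Counting failed logins per source IP, fail2ban-style (slides 13, 25, 26).

Added example, not fail2ban or the Limit Login Attempts plugin. The log
lines are constructed; the assumed signal is a POST to /wp-login.php that
returns 200 (form shown again) rather than 302 (logged in, redirected).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines: 203.0.113.9 hammers the login form,
# 198.51.100.4 logs in normally.
SAMPLE_LOG = """\
203.0.113.9 - - [10/May/2014:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.9 - - [10/May/2014:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [10/May/2014:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.9 - - [10/May/2014:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.9 - - [10/May/2014:12:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.9 - - [10/May/2014:12:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.9 - - [10/May/2014:12:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""


def parse_line(line):
    """Parse one combined-format access-log line; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def is_failed_login(ev):
    # Assumed signal: failure re-renders the form (200), success redirects (302).
    return (ev["method"] == "POST"
            and ev["path"].startswith("/wp-login.php")
            and ev["status"] == 200)


def find_bans(log_text, maxretry=5, findtime_seconds=600):
    """Return {ip: time_of_ban}. An IP is banned the moment it reaches
    `maxretry` failures within any sliding window of `findtime_seconds`,
    which is exactly how fail2ban's maxretry/findtime pair behaves."""
    findtime = timedelta(seconds=findtime_seconds)
    windows = defaultdict(deque)  # per-IP timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not is_failed_login(ev) or ev["ip"] in bans:
            continue
        q = windows[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > findtime:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= maxretry:
            bans[ev["ip"]] = ev["ts"]
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

The ban list is what you would hand to the firewall or to the Deny/Allow rules on slide 26; the sliding window matters because a slow, patient attacker never trips a plain per-minute counter.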