Security on the Web is gaining more and more attention from both sides of the fence these days. Intruders become more skilful and better equipped, and enterprises try their best to stay at least one step ahead. Both sides craft ever more sophisticated and powerful tools in an endless arms race. How do you keep up without overwhelming yourself?
Here at Kainos Smart we believe we've got an answer.
This talk is both a reminder of some of the basic principles of Web application security and best practices, and a tale of our journey to becoming SOC 2 certified. The main focus is how to adapt to massive changes from a WebOps perspective.
7. Habit
● Three 'R's of habit formation
● Support group
● Start small
Security basics
● CIA Triad
● Best Practices
Compromise
● Security vs Usability
5/24/16
Conclusion
Be healthy
Be secure
Editor's notes
Less technical
Inherently boring
How good
Parental precept
Overwhelming complexity
In many ways alike
Build to do more
The same as happiness
Race against time
Understate the risks
Science of habits
- Confidentiality: property of a system which guarantees that data cannot be disclosed to unauthorized users, processes or entities
- Integrity: feature guaranteeing consistency, accuracy and trustworthiness of data.
- Availability: of data to authorized users when they need it. Speaks for itself, but increases cost. We usually pay the most attention to this particular feature as it is the most visible to our users.
- keeping personally identifiable information confidential
security-first perspective
First impression, brag, no care, weakest
Onion-like
Inconvenient, Reduce damage, annoying
Think differently – unnecessary
well messages, shiny new, block by default
Missile launch, fraud and errors
Separating dev/ops/qa, no single person gets absolute powers
- positive perspective and best practices – good start
- not a process – habit, automatic behaviour, nurse
- awareness, vector, accountability, support, reward
- learning careers, scrap, start small
- communicate, discuss, awareness, support group. Educating – human factor, role model, encourage and condemn, not chastise
- probe, formula? Fire. Assessments, pinpoint, external to stay compliant. Accountability and more green marks
- celebration is the most important: praise, be proud, brag; but don't tell, paranoid freak. Team events, if no critical or major
- automate, delegate, security checks, keep code free, enable updates. Start small with reminders and booking calendar
We've covered all of them
Along with
Not to overwhelm
actually advantageous to form a positive perspective.
decide for themselves
Exactly like health
Technically possible totally
Deprive of pleasures
5 years running
Keeping data safe / actual functionality
Makes application useful