The sooner the better but never too late

Vlad Styran, QA Fest 2019


  1. KYIV 2019. The sooner the better but never too late. Vlad Styran, Berezha Security. QA CONFERENCE #1 IN UKRAINE
  2. The sooner the better but never too late or Why software security starts with testing: Who is this guy? Why security? What exactly is security? Why software security sucks? Who cares about security and when? How to do as little as possible and stay safe?
  3. Who is this guy? Vlad Styran, OSCP CISSP CISA; Co-founder & VP, Berezha Security; 15+ years of security experience; 10+ years in offensive security (AKA hacking); #OWASPKyiv, #NoNameCon, #NoNamePodcast; Long distance runs, marathon finisher; Formally trained as a “Programmer”, 0 days of related experience ¯\_(ツ)_/¯
  4. Why security?
  5. Constant challenge; Well paid; 1,800,000 unfilled jobs; Kind of fun
  6. - Why security? - Seriously? No idea!
  7. What exactly is security?
  8. Why software security sucks?
  9. It’s all in our head
  10. Han Solo & Sheev Palpatine, circa 1969
  11. Daniel Kahneman & Amos Tversky, late 1970s
  12. Usual Development Lifecycle
  13. Agile Security
  14. Who cares about security and when?
  15. Outsourcing companies
  16. Product companies
  17. Startups
  18. How to do as little as possible and stay safe?
  19. Core Security Practices: Threat Modeling; Secure Architecture; Supply Chain Security; Secure Coding; Security Code Review; Security Testing; Incident Response; Annual Third Party Penetration Test
  20. “Give a man a fish, and you'll feed him for a day. Give a fish a man, and you’ve fed it for the lifetime.” – Sun Tzu
  21. “Give a man a fish, and you'll feed him for a day. Teach a man to fish, and you've fed him for a lifetime.” – Confucius
  22. Zero to Hero: Web Application Hacker’s Handbook; PortSwigger Web Security Academy
  23. Meetups and Conferences: OWASP Ukraine 🇺🇦 application security conference (Oct 4-5, 2019); OWASP chapters: Kyiv, Lviv, Dnipro, Kharkiv, Zhytomyr… (JGI); DefCon groups, local security communities (ask around); Security BSides conferences and meetups (call your dealer); NoNameCon ♥️ practical cybersecurity conference (3rd week of May)
  24. Bug Bounties
  25. How you find me: @arunninghacker, fb.me/vstyran, berezhasecurity.com
  26. “Thank You” Slide
