Modern applications are huge and varied, but they all operate on sensitive data. We will go through a typical security decision map that most developers handle in their apps and infrastructures. We will illustrate typical data protection patterns: from “everyone knows everything” to “end-to-end encryption”. We will look at how to select appropriate security controls based on the use case and the threat model.
The goal of the talk is to give senior engineers a general thinking framework and enough ideas about tools to plan their solutions securely with regard to the sensitive data they contain.
Building security testing into a continuous delivery pipeline is a mixed experience: on the one hand, there are plenty of open-source tools for dependency checking and source security scanning out there, but at the same time their quality varies, and in many cases commercial tools are the only alternative.
Based on my first-hand experience, I will untangle the complex world of DAST/SAST/IAST/RASP tools and explain how to choose them properly to match both your budget and your security objectives.
AWS has taken over the responsibilities of patching the OS and securing the underlying physical infrastructure that runs your serverless application, so what’s left for you to secure? Quite a bit, it turns out.
The OWASP Top 10 is as relevant to you as ever; DoS attacks are still a threat, even if you can probably brute-force your way through them as AWS auto-scales Lambda functions automatically; and did you know attackers can easily steal your AWS credentials via your application dependencies?
In addition to the traditional threats, serverless applications have more granular deployment units, so there are more things to configure and secure, and the tools and practices are still catching up with this fast-changing world.
Join Yan in this talk to learn more about the security threats that will affect your serverless application and some leading practices that help you combat these threats.
A while ago, web browsers were considered the #1 security risk on the web. Today, they are the last line of defense.
Over the course of the previous decade, many security mechanisms and APIs were integrated into web browsers. These measures can protect a site from an attack, implement security protocols, or provide related functionality like encryption.
Join Christian to take a look at many different APIs, features, and of course the browser support.