Security First
Security First - Adam Baldwin
Thanks First
Hi, I’m Adam
@adam_baldwin
@liftsecurity
@nodesecurity
@evilpacket
andbang.com
Node Security Project
nodesecurity.io
Security First
We’re Fucked
Nothing is 100%
Secure.
Defender vs. Attacker
Software is Hard
Software is full of
opinions
Mobile First
Content First
Offline First
SECURITY
Software is full of
constraints
Security is one of those
Who’s responsible for security?
You are.
Why?
NSA spent $25 million on ‘software vulnerabilities’ in 2013
Stay off the menu.
Litigation is coming.
Enough Doom & Gloom already!
Something has to change
Let’s build a Security First culture
Why do we avoid security?
- Ignorance
- Procrastination
- Not Exciting work
- Not Rewarded
Education
Understand Vulnerabilities
The simple stuff
still works.
Validation / Sanitization
Crypto
http://www.matasano.com/articles/crypto-challenges/
http://owasp.org
npm install all the things™
npm install coffeescript
so..ahhh. what else?
Process
It’s not immutable
Community
Bridge all the worlds
http://blog.andyet.com/2013/09/11/shame-and-security
security.md
Homework.
- Learn about 1 vuln
- Audit some code
- Teach a Friend
confwork?
Talk to each other about
security...
</PRESENTATION>
@adam_baldwin | @LiftSecurity
