1. Join the conversation #devseccon
Guy Podjarny, Snyk
@guypod
Secure Node Code
a.k.a. Stranger Danger
2. snyk.io
About Me
• Guy Podjarny, @guypod on Twitter
• CEO & Co-founder at Snyk
• History:
  • Cyber security unit of the Israel Defense Forces
  • First web application firewall (AppShield) and dynamic/static tester (AppScan)
  • Security: worked at Sanctum -> Watchfire -> IBM
  • Performance: founded Blaze -> CTO @ Akamai
• O’Reilly author, speaker
3.
Open Source Is Awesome
Share Your Work
Reuse What Others Built
Focus on Creating Your Own New Thing
13.
Just as Hacker-Friendly…
1. Vulnerabilities already found, and found often
2. Used everywhere: millions of downloads per month, across many orgs
3. Hard to update, due to dependency chains, breakage and scattered use
41.
OSS packages takeaway
• Find vulnerabilities
  • Be sure to test ALL your applications
• Fix vulnerabilities
  • Upgrade when possible, patch when needed
• Prevent adding vulnerable modules
  • Break the build, test in pull requests
• Respond quickly to new vulns
  • Track vuln DBs, or use Snyk! </shameless plug>
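The four takeaways above (find, fix, prevent, respond) are the steps of one procedure, so here is a single worked example of the whole loop in Node. It is an added example, not code from the talk and not Snyk's tooling: a minimal audit that walks an npm lockfile (including nested dependency chains, so the same package can show up more than once), matches each pinned version against an advisory list, reports either an upgrade target or "patch" when no fixed version exists, and returns a verdict a CI job can use to break the build. Every package name, version and advisory ID below is constructed for illustration and describes no real vulnerability.

```javascript
// Added example (not from the talk, not Snyk's code): audit an npm lockfile
// against an advisory list and decide whether CI should fail the build.
// All package names, versions and advisory IDs are constructed for illustration.

// Parse "MAJOR.MINOR.PATCH" (pre-release/build tags ignored) into numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison, so "1.10.0" sorts after "1.9.9" (string compare would not).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Space-separated comparator ranges such as ">=1.0.0 <1.2.4"; every comparator
// must hold. "^", "~" and "||" are not needed here because lockfiles pin exact
// versions and only the advisory side uses ranges.
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((comp) => {
    const m = /^(>=|<=|>|<|=)?(.+)$/.exec(comp);
    const c = compareVersions(version, m[2]);
    switch (m[1] || '=') {
      case '>=': return c >= 0;
      case '<=': return c <= 0;
      case '>': return c > 0;
      case '<': return c < 0;
      default: return c === 0;
    }
  });
}

// Depth-first walk over lockfileVersion 1 style "dependencies" trees, yielding
// each installed copy with the chain that pulled it in (the "deps chains" and
// "scattered use" that make upgrades hard).
function* walkDependencies(node, path = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    yield { name, version: dep.version, path: here };
    yield* walkDependencies(dep, here);
  }
}

// FIND + FIX: match every installed copy against the advisories and attach the
// remediation: upgrade when a fixed version exists, otherwise patch.
function audit(lockfile, advisories) {
  const findings = [];
  for (const dep of walkDependencies(lockfile)) {
    for (const adv of advisories) {
      if (adv.package === dep.name && satisfies(dep.version, adv.vulnerable)) {
        findings.push({
          id: adv.id, severity: adv.severity, package: dep.name, version: dep.version,
          path: dep.path.join(' > '),
          remediation: adv.fixedIn
            ? `upgrade to ${adv.fixedIn}`
            : 'no upstream fix available: apply a patch',
        });
      }
    }
  }
  return findings;
}

// PREVENT: the verdict a pull-request check would turn into a non-zero exit.
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };
function shouldBreakBuild(findings, minSeverity = 'high') {
  return findings.some((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[minSeverity]);
}

// Constructed lockfile: query-parser is installed twice, once directly and once
// nested under web-framework because that package pins an older "~" range.
const SAMPLE_LOCKFILE = {
  name: 'example-app', lockfileVersion: 1,
  dependencies: {
    'web-framework': {
      version: '4.1.0', requires: { 'query-parser': '~1.1.0' },
      dependencies: { 'query-parser': { version: '1.1.2' } },
    },
    'query-parser': { version: '1.2.3' },
    'template-engine': { version: '2.0.1' },
    'legacy-utils': { version: '0.9.5' },
  },
};

// Constructed advisories (hypothetical IDs; RESPOND = refresh this list often).
const SAMPLE_ADVISORIES = [
  { id: 'EXAMPLE-0001', package: 'query-parser', vulnerable: '<1.2.4', fixedIn: '1.2.4', severity: 'high' },
  { id: 'EXAMPLE-0002', package: 'legacy-utils', vulnerable: '<1.0.0', fixedIn: null, severity: 'medium' },
  { id: 'EXAMPLE-0003', package: 'template-engine', vulnerable: '<2.0.0', fixedIn: '2.0.0', severity: 'high' },
];

const report = audit(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES);
for (const f of report) {
  console.log(`[${f.severity}] ${f.id} ${f.package}@${f.version} via ${f.path}: ${f.remediation}`);
}
// A CI wrapper would set process.exitCode = 1 on FAIL to break the build.
console.log(shouldBreakBuild(report) ? 'FAIL: vulnerable dependencies found' : 'PASS');
```

Run with `node audit.js` (no dependencies). On the constructed input it reports three findings: both copies of `query-parser` (the nested one can only be fixed by bumping `web-framework` or overriding its range, which is the chain-breakage problem the slides describe), and `legacy-utils`, where no fixed release exists and the advice is to patch. `template-engine` at 2.0.1 is outside its advisory range and is correctly skipped.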