SlideShare une entreprise Scribd logo

Twubhubbook - it's like appsec, but for startups

Neil Matatall
Neil Matatall

Version with notes: https://speakerdeck.com/oreoshake/twubhubbook-its-like-appsec-but-for-startups-with-notes

Logiciels
1  sur  30
Télécharger pour lire hors ligne
I T ’ S L I K E A P P S E C , B U T F O R S T A R T U P S TWUBHUBOOK
Originally from the bay, Brent spends his time doing all the fun things LA has to offer while he longs for the days when he can move back home. Finally has a twitter account. a.k.a. @brentjo on GitHub @gsmbj on twitter Brent Johnson TROJAN. BOUNTY TRIAGE EXPERT. BUSINESS LOGIC FLAWS ARE HIS FRIEND.
I like dog. Twitter: @ndm Neil “oreoshake” Matatall ASPIRING PARK RANGER. DOES NOT LIKE COMPUTERS.
W H A T ’ S A T W U B H U B B O O K Greenfield In many disciplines a greenfield project is one that lacks constraints imposed by prior work. The analogy is to that of construction on greenfield land where there is no need to work within the constraints of existing buildings or infrastructure - Wikipedia
W H A T ’ S A T W U B H U B B O O K C O N T ’ D Young application Think pre-pre-pre-pre-pre-IPO.
W H A T ’ S A T W U B H U B B O O K C O N T ’ D Mature application
The Future: 2025 D A Y O N E O N T H E J O B Oddly, the mannequin challenge is still even in 2025.
2 4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
| Agree on acceptable technology | Always stay current | Review architecture | Code review culture
B E I N T H E B U S I N E S S O F P R E V E N T I O N SECURITY DOES NOT HAVE TIME TO FIX OR FIND BUGS
What have we accomplished?
Building a healthy culture W E E K 2 O N T H E J O B
W E ’ R E H E R E T O S A Y “ B E C A R E F U L ” SECURITY IS NOT HERE TO SAY “NO”
Twubhubbook hits its first milestone 1,000,000 MAUS
What have we accomplished?
The game has changed, strategies must be updated. PROCESSES MUST SCALE CULTURE MUST STAY STRONG FLEXIBILITY IS IMPORTANT
FOCUS ON LEARNING “I TOLD YOU SO” IS FORBIDDEN “The incident”
What have we accomplished?
The security team grows D A Y ? ? ? O F ? ? ? Mommy, wow! I’m a big kid now.
| FRAMEWORK HARDENING 2 4 3 1 | COLLAB WITH STANDARDS BODIES | SHARED RESPONSIBILITY
The bug bounty turns 3! MORE BUGS, BIGGER BOUNTIES
HOLD ON FOR YOUR ASSES PERHAPS TAKE UP MEDITATION Pre-IPO
I HEARD YOU HAD TO WRITE A FIFO CACHE IN COLLEGE — CAN YOU REVIEW THIS MIPS CODE OUR CORE BUSINESS OPS NOW DEPEND ON? Stack Diversifies
Development stack consolidates DON’T BUDGE ON SECURE BY DEFAULT, HARDEN THE FRAMEWORK, DESIGN SERVICES SECURELY.
TESTS FOR EVERYTHING. ROLES FOR EVERYONE. Beyond basic appsec
The IPO engineer = Twubhubbook.appsec_team.first; engineer.company = BayArea.startups.next;
“STARTING UP SECURITY” - RYAN MCGEEHAN HTTPS://MEDIUM.COM/STARTING-UP-SECURITY “THE SAAS CTO SECURITY CHECKLIST” - SQREEN HTTP://CTO-SECURITY-CHECKLIST.SQREEN.IO/ Further Reading
KAILUA KONA, HAWAI’I APRIL 2018 LOCOMOCOSEC.COM @LOCOMOCOSEC Loco Moco Security Conference

Recommandé

XII Waves Hitlist
XII Waves HitlistXII Waves Hitlist
XII Waves HitlistMichel Vos
 
The IoT For Real
The IoT For Real The IoT For Real
The IoT For Real University of Hertfordshire
 
BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...
BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...
BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...Falcon.io
 
Thinking like a Network
Thinking like a NetworkThinking like a Network
Thinking like a NetworkJonas Altman
 
Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...
Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...
Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...Tommaso Di Bartolo
 
How NOT to fuck up remote development
How NOT to fuck up remote developmentHow NOT to fuck up remote development
How NOT to fuck up remote developmentChris Philipps
 
The Biggest Problem In TV: Split... Attention
The Biggest Problem In TV: Split... AttentionThe Biggest Problem In TV: Split... Attention
The Biggest Problem In TV: Split... AttentionTodd Green
 
Assignment 2 with script
Assignment 2 with scriptAssignment 2 with script
Assignment 2 with scriptMaxineOwens
 

Recommandé

XII Waves Hitlist
XII Waves HitlistXII Waves Hitlist
XII Waves HitlistMichel Vos
 
The IoT For Real
The IoT For Real The IoT For Real
The IoT For Real University of Hertfordshire
 
BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...
BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...
BBC Studios - Instagram’s Underdog - Rethinking IGTV and Finding Success With...Falcon.io
 
Thinking like a Network
Thinking like a NetworkThinking like a Network
Thinking like a NetworkJonas Altman
 
Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...
Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...
Digital transformation in the Public Sector. By Tommaso Di Bartolo. Silicon V...Tommaso Di Bartolo
 
How NOT to fuck up remote development
How NOT to fuck up remote developmentHow NOT to fuck up remote development
How NOT to fuck up remote developmentChris Philipps
 
The Biggest Problem In TV: Split... Attention
The Biggest Problem In TV: Split... AttentionThe Biggest Problem In TV: Split... Attention
The Biggest Problem In TV: Split... AttentionTodd Green
 
Assignment 2 with script
Assignment 2 with scriptAssignment 2 with script
Assignment 2 with scriptMaxineOwens
 
Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...
Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...
Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...Riccardo Spinelli
 
The digital revolution and the future 2012
The digital revolution and the future 2012The digital revolution and the future 2012
The digital revolution and the future 2012Bex Lewis
 
Disruptive Innovations and Local Government Strategies for Embracing these In...
Disruptive Innovations and Local Government Strategies for Embracing these In...Disruptive Innovations and Local Government Strategies for Embracing these In...
Disruptive Innovations and Local Government Strategies for Embracing these In...Dustin Haisler
 
Digital Trends in CCSS & PBL
Digital Trends in CCSS & PBLDigital Trends in CCSS & PBL
Digital Trends in CCSS & PBLMartin Cisneros
 
Telescope Pitch Deck
Telescope Pitch DeckTelescope Pitch Deck
Telescope Pitch DeckNino Panes
 
Science and Engineering Out of The Box
Science and Engineering Out of The BoxScience and Engineering Out of The Box
Science and Engineering Out of The BoxUniversity of Hertfordshire
 
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...Brandon Zoras
 
Good presentation
Good presentationGood presentation
Good presentationBrandon Jackson
 
Good presentation
Good presentationGood presentation
Good presentationBrandon Jackson
 
Wireless Past Present Future
Wireless Past Present FutureWireless Past Present Future
Wireless Past Present FutureUniversity of Hertfordshire
 
Pair Programming
Pair ProgrammingPair Programming
Pair ProgrammingCarlos Corrêa da Silva
 
Creating an Agile Business
Creating an Agile BusinessCreating an Agile Business
Creating an Agile BusinessZach Nies
 
Talk to MOE educators@Singapore Science Centre for Animate@South Zone
Talk to MOE educators@Singapore Science Centre for Animate@South ZoneTalk to MOE educators@Singapore Science Centre for Animate@South Zone
Talk to MOE educators@Singapore Science Centre for Animate@South ZoneJames Chan
 
2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital Age2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital AgeThe Metropolitan Museum of Art
 
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USP
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USPTelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USP
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USPMarcio
 
The Tech Lab - Company Profile V1.4
The Tech Lab - Company Profile V1.4The Tech Lab - Company Profile V1.4
The Tech Lab - Company Profile V1.4ShayonKhaled
 
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015Toan Bach Quang Bao
 
Understanding innovation
Understanding innovationUnderstanding innovation
Understanding innovationjacquelineyeye
 
The trek towards sustainability - truth, tale, or transition?
The trek towards sustainability - truth, tale, or transition?The trek towards sustainability - truth, tale, or transition?
The trek towards sustainability - truth, tale, or transition?Birgit Penzenstadler
 
The mobile ecosystem & technological strategies
The mobile ecosystem & technological strategiesThe mobile ecosystem & technological strategies
The mobile ecosystem & technological strategiesIvano Malavolta
 
Owasp austin
Owasp austinOwasp austin
Owasp austinNeil Matatall
 
Putting to your Robots to Work V1.1
Putting to your Robots to Work V1.1Putting to your Robots to Work V1.1
Putting to your Robots to Work V1.1Neil Matatall
 

Contenu connexe

Similaire à Twubhubbook - it's like appsec, but for startups

Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...
Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...
Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...Riccardo Spinelli
 
The digital revolution and the future 2012
The digital revolution and the future 2012The digital revolution and the future 2012
The digital revolution and the future 2012Bex Lewis
 
Disruptive Innovations and Local Government Strategies for Embracing these In...
Disruptive Innovations and Local Government Strategies for Embracing these In...Disruptive Innovations and Local Government Strategies for Embracing these In...
Disruptive Innovations and Local Government Strategies for Embracing these In...Dustin Haisler
 
Digital Trends in CCSS & PBL
Digital Trends in CCSS & PBLDigital Trends in CCSS & PBL
Digital Trends in CCSS & PBLMartin Cisneros
 
Telescope Pitch Deck
Telescope Pitch DeckTelescope Pitch Deck
Telescope Pitch DeckNino Panes
 
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...Brandon Zoras
 
Creating an Agile Business
Creating an Agile BusinessCreating an Agile Business
Creating an Agile BusinessZach Nies
 
Talk to MOE educators@Singapore Science Centre for Animate@South Zone
Talk to MOE educators@Singapore Science Centre for Animate@South ZoneTalk to MOE educators@Singapore Science Centre for Animate@South Zone
Talk to MOE educators@Singapore Science Centre for Animate@South ZoneJames Chan
 
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USP
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USPTelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USP
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USPMarcio
 
The Tech Lab - Company Profile V1.4
The Tech Lab - Company Profile V1.4The Tech Lab - Company Profile V1.4
The Tech Lab - Company Profile V1.4ShayonKhaled
 
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015Toan Bach Quang Bao
 
Understanding innovation
Understanding innovationUnderstanding innovation
Understanding innovationjacquelineyeye
 
The trek towards sustainability - truth, tale, or transition?
The trek towards sustainability - truth, tale, or transition?The trek towards sustainability - truth, tale, or transition?
The trek towards sustainability - truth, tale, or transition?Birgit Penzenstadler
 
The mobile ecosystem & technological strategies
The mobile ecosystem & technological strategiesThe mobile ecosystem & technological strategies
The mobile ecosystem & technological strategiesIvano Malavolta
 

Similaire à Twubhubbook - it's like appsec, but for startups (20)

Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...
Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...
Blockchain: professionalità, cultura e change management - Riccardo Spinelli ...
 
The digital revolution and the future 2012
The digital revolution and the future 2012The digital revolution and the future 2012
The digital revolution and the future 2012
 
Disruptive Innovations and Local Government Strategies for Embracing these In...
Disruptive Innovations and Local Government Strategies for Embracing these In...Disruptive Innovations and Local Government Strategies for Embracing these In...
Disruptive Innovations and Local Government Strategies for Embracing these In...
 
Digital Trends in CCSS & PBL
Digital Trends in CCSS & PBLDigital Trends in CCSS & PBL
Digital Trends in CCSS & PBL
 
Telescope Pitch Deck
Telescope Pitch DeckTelescope Pitch Deck
Telescope Pitch Deck
 
Science and Engineering Out of The Box
Science and Engineering Out of The BoxScience and Engineering Out of The Box
Science and Engineering Out of The Box
 
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...
Sustaining, Connecting & Collaborating Across The TDSB: A Cross-Panel PBL Ini...
 
Good presentation
Good presentationGood presentation
Good presentation
 
Good presentation
Good presentationGood presentation
Good presentation
 
Wireless Past Present Future
Wireless Past Present FutureWireless Past Present Future
Wireless Past Present Future
 
Pair Programming
Pair ProgrammingPair Programming
Pair Programming
 
Creating an Agile Business
Creating an Agile BusinessCreating an Agile Business
Creating an Agile Business
 
Talk to MOE educators@Singapore Science Centre for Animate@South Zone
Talk to MOE educators@Singapore Science Centre for Animate@South ZoneTalk to MOE educators@Singapore Science Centre for Animate@South Zone
Talk to MOE educators@Singapore Science Centre for Animate@South Zone
 
2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital Age2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital Age
 
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USP
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USPTelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USP
TelaSocial Presentation and Lessons Learned with the Pilot Case at ICMC-USP
 
The Tech Lab - Company Profile V1.4
The Tech Lab - Company Profile V1.4The Tech Lab - Company Profile V1.4
The Tech Lab - Company Profile V1.4
 
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015
GENSummit - WEARABLE NEWS BEYOND THE GADGETS 2015
 
Understanding innovation
Understanding innovationUnderstanding innovation
Understanding innovation
 
The trek towards sustainability - truth, tale, or transition?
The trek towards sustainability - truth, tale, or transition?The trek towards sustainability - truth, tale, or transition?
The trek towards sustainability - truth, tale, or transition?
 
The mobile ecosystem & technological strategies
The mobile ecosystem & technological strategiesThe mobile ecosystem & technological strategies
The mobile ecosystem & technological strategies
 

Plus de Neil Matatall

Putting to your Robots to Work V1.1
Putting to your Robots to Work V1.1Putting to your Robots to Work V1.1
Putting to your Robots to Work V1.1Neil Matatall
 
2013: OC Rails Jan - SecureHeaders library and content security policy
2013: OC Rails Jan - SecureHeaders library and content security policy2013: OC Rails Jan - SecureHeaders library and content security policy
2013: OC Rails Jan - SecureHeaders library and content security policyNeil Matatall
 
2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at Twitter2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at TwitterNeil Matatall
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...Neil Matatall
 
2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security TutorialNeil Matatall
 
Educause Annual 2007
Educause Annual 2007Educause Annual 2007
Educause Annual 2007Neil Matatall
 

Plus de Neil Matatall (8)

Owasp austin
Owasp austinOwasp austin
Owasp austin
 
Putting to your Robots to Work V1.1
Putting to your Robots to Work V1.1Putting to your Robots to Work V1.1
Putting to your Robots to Work V1.1
 
2013: OC Rails Jan - SecureHeaders library and content security policy
2013: OC Rails Jan - SecureHeaders library and content security policy2013: OC Rails Jan - SecureHeaders library and content security policy
2013: OC Rails Jan - SecureHeaders library and content security policy
 
2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at Twitter2012: Putting your robots to work: security automation at Twitter
2012: Putting your robots to work: security automation at Twitter
 
2012: Passw3rd
2012: Passw3rd2012: Passw3rd
2012: Passw3rd
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
 
2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security Tutorial
 
Educause Annual 2007
Educause Annual 2007Educause Annual 2007
Educause Annual 2007
 

Dernier

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 

Dernier (20)

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 

Twubhubbook - it's like appsec, but for startups

  • 1. I T ’ S L I K E A P P S E C , B U T F O R S T A R T U P S TWUBHUBOOK
  • 2. Originally from the bay, Brent spends his time doing all the fun things LA has to offer while he longs for the days when he can move back home. Finally has a twitter account. a.k.a. @brentjo on GitHub @gsmbj on twitter Brent Johnson TROJAN. BOUNTY TRIAGE EXPERT. BUSINESS LOGIC FLAWS ARE HIS FRIEND.
  • 3. I like dog. Twitter: @ndm Neil “oreoshake” Matatall ASPIRING PARK RANGER. DOES NOT LIKE COMPUTERS.
  • 4. W H A T ’ S A T W U B H U B B O O K Greenfield In many disciplines a greenfield project is one that lacks constraints imposed by prior work. The analogy is to that of construction on greenfield land where there is no need to work within the constraints of existing buildings or infrastructure - Wikipedia
  • 5. W H A T ’ S A T W U B H U B B O O K C O N T ’ D Young application Think pre-pre-pre-pre-pre-IPO.
  • 6. W H A T ’ S A T W U B H U B B O O K C O N T ’ D Mature application
  • 7. The Future: 2025 D A Y O N E O N T H E J O B Oddly, the mannequin challenge is still even in 2025.
  • 8. 2 4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  • 9. 4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  • 10. 4 | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  • 11. | Agree on acceptable technology | Always stay current | Review architecture | Code review culture
  • 12. B E I N T H E B U S I N E S S O F P R E V E N T I O N SECURITY DOES NOT HAVE TIME TO FIX OR FIND BUGS
  • 14. Building a healthy culture W E E K 2 O N T H E J O B
  • 15. W E ’ R E H E R E T O S A Y “ B E C A R E F U L ” SECURITY IS NOT HERE TO SAY “NO”
  • 18. The game has changed, strategies must be updated. PROCESSES MUST SCALE CULTURE MUST STAY STRONG FLEXIBILITY IS IMPORTANT
  • 19. FOCUS ON LEARNING “I TOLD YOU SO” IS FORBIDDEN “The incident”
  • 21. The security team grows D A Y ? ? ? O F ? ? ? Mommy, wow! I’m a big kid now.
  • 22. | FRAMEWORK HARDENING 2 4 3 1 | COLLAB WITH STANDARDS BODIES | SHARED RESPONSIBILITY
  • 23. The bug bounty turns 3! MORE BUGS, BIGGER BOUNTIES
  • 24. HOLD ON FOR YOUR ASSES PERHAPS TAKE UP MEDITATION Pre-IPO
  • 25. I HEARD YOU HAD TO WRITE A FIFO CACHE IN COLLEGE — CAN YOU REVIEW THIS MIPS CODE OUR CORE BUSINESS OPS NOW DEPEND ON? Stack Diversifies
  • 26. Development stack consolidates DON’T BUDGE ON SECURE BY DEFAULT, HARDEN THE FRAMEWORK, DESIGN SERVICES SECURELY.
  • 27. TESTS FOR EVERYTHING. ROLES FOR EVERYONE. Beyond basic appsec
  • 28. The IPO engineer = Twubhubbook.appsec_team.first; engineer.company = BayArea.startups.next;
  • 29. “STARTING UP SECURITY” - RYAN MCGEEHAN HTTPS://MEDIUM.COM/STARTING-UP-SECURITY “THE SAAS CTO SECURITY CHECKLIST” - SQREEN HTTP://CTO-SECURITY-CHECKLIST.SQREEN.IO/ Further Reading
  • 30. KAILUA KONA, HAWAI’I APRIL 2018 LOCOMOCOSEC.COM @LOCOMOCOSEC Loco Moco Security Conference