SlideShare une entreprise Scribd logo

Security for Human Beings

Z
zekivazquez

Slides from my presentation on Drupal Developer Days 2017 Seville, about best practices and advices regarding IT systems security.

Technologie
1  sur  38
Télécharger pour lire hors ligne
THANKS! Zequi V´azquez @RabbitLair Security for Human Beigns
Ezequiel ”Zequi”V´azquez Backend Developer Sysadmin & DevOps Hacking & Security Speaker since 2013 Zequi V´azquez @RabbitLair Security for Human Beigns
Zequi V´azquez @RabbitLair Security for Human Beigns
Zequi V´azquez @RabbitLair Security for Human Beigns
Zequi V´azquez @RabbitLair Security for Human Beigns
Zequi V´azquez @RabbitLair Security for Human Beigns
Stuxnet June 2010, worm against SCADA systems Four (4) critical vulns on Windows XP Zequi V´azquez @RabbitLair Security for Human Beigns
Sony Pictures Entertainment November 2014, worm against SMB More than 100 TB of condifential info Zequi V´azquez @RabbitLair Security for Human Beigns
El Corte Ingl´es February 2016, SQL Injection on login Extracted financial info 2011 to 2016 Zequi V´azquez @RabbitLair Security for Human Beigns
Philippines March 2016, unknown vulnerabilities 55 million voters data, fingerprints! Zequi V´azquez @RabbitLair Security for Human Beigns
Panama Papers April 2016, Drupal 7 and Wordpress 2.6 TB confidential information, +40 years Zequi V´azquez @RabbitLair Security for Human Beigns
Turkey April 2016, hardcoded password on code Personal data of 49,611,709 voters (6.9 GB) Zequi V´azquez @RabbitLair Security for Human Beigns
IPS Community Suite April 2016, Thanatos, trojan to zombify Infrastructure attack - Warner, LiveNation Zequi V´azquez @RabbitLair Security for Human Beigns
LastPass March 2017, vulns on browser extensions Passwords leakage Zequi V´azquez @RabbitLair Security for Human Beigns
In summary Zequi V´azquez @RabbitLair Security for Human Beigns
But not everything is lost Zequi V´azquez @RabbitLair Security for Human Beigns
What is a project? More than put some code on a server Security must be present on all phases Zequi V´azquez @RabbitLair Security for Human Beigns
From minute zero Security should be reflected on requirements Balance between security and budget Zequi V´azquez @RabbitLair Security for Human Beigns
Setting the plans Design application with security on mind Paranoid is a virtue Zequi V´azquez @RabbitLair Security for Human Beigns
While developing. . . We are responsible of our product Bad guys do not create holes - we do Zequi V´azquez @RabbitLair Security for Human Beigns
While developing. . . Do you know security best practices? Programmers are human, humans are lazy Zequi V´azquez @RabbitLair Security for Human Beigns
What can we do? Defensive programming, error handling! Try to think as an attacker when coding Zequi V´azquez @RabbitLair Security for Human Beigns
Take care of not only code Are development envs & repo closed? Be careful with questions on StackOverflow Zequi V´azquez @RabbitLair Security for Human Beigns
Security person/team At least, one person should review code Zequi V´azquez @RabbitLair Security for Human Beigns
Infrastructure Project is much more than code Fail tolerance, high availability, settings Zequi V´azquez @RabbitLair Security for Human Beigns
Testing Full security audit before deploying Ideally, automate security testing Zequi V´azquez @RabbitLair Security for Human Beigns
Information is Power Monitorize all the things! Keep up to date about updates Zequi V´azquez @RabbitLair Security for Human Beigns
Sh*t happens Emergency recovery plan, forensics Untested backups are NO backups Zequi V´azquez @RabbitLair Security for Human Beigns
Some other stuff Technical debt & McFly theorem Maintenance, patches and other drugs Post-mortem report Zequi V´azquez @RabbitLair Security for Human Beigns
In Summary Investment, not waste Try to involve everyone Security is a process Education! Zequi V´azquez @RabbitLair Security for Human Beigns
Zequi V´azquez @RabbitLair Security for Human Beigns
Zequi V´azquez @RabbitLair Security for Human Beigns
Thank you! @RabbitLair zequi[at]lullabot[dot]com Zequi V´azquez @RabbitLair Security for Human Beigns

Recommandé

Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Phillip Maddux
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015Daniel Miessler
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 

Recommandé

Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Phillip Maddux
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015Daniel Miessler
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with TacytChema Alonso
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsNowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
Security and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSecurity and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSithira Pathirana
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?Ammar WK
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookNowSecure
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
 
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsDaniel Miessler
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber SecuritySatria Ady Pradana
 
Porque Investir em um time de segurança ofensiva?
Porque Investir em um time de segurança ofensiva?Porque Investir em um time de segurança ofensiva?
Porque Investir em um time de segurança ofensiva?Arthur Paixão
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
 
Hacking Cracking 2008
Hacking Cracking 2008Hacking Cracking 2008
Hacking Cracking 2008Jim Geovedi
 
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgInformation Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgEric Vanderburg
 
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneBeyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneNebula
 
Ha(Attackers) Exposed
Ha(Attackers) ExposedHa(Attackers) Exposed
Ha(Attackers) ExposedEugene Tawiah
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016NowSecure
 
The IoT Attack Surface
The IoT Attack SurfaceThe IoT Attack Surface
The IoT Attack SurfaceDaniel Miessler
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
Information is Power
Information is PowerInformation is Power
Information is Powerzekivazquez
 
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...Introducing the UI Patterns module: use atomic UI components everywhere in Dr...
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...Nuvole
 

Contenu connexe

Tendances

Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with TacytChema Alonso
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsNowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
Security and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSecurity and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSithira Pathirana
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?Ammar WK
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookNowSecure
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
 
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsDaniel Miessler
 
Porque Investir em um time de segurança ofensiva?
Porque Investir em um time de segurança ofensiva?Porque Investir em um time de segurança ofensiva?
Porque Investir em um time de segurança ofensiva?Arthur Paixão
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
 
Hacking Cracking 2008
Hacking Cracking 2008Hacking Cracking 2008
Hacking Cracking 2008Jim Geovedi
 
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgInformation Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgEric Vanderburg
 
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneBeyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneNebula
 
Ha(Attackers) Exposed
Ha(Attackers) ExposedHa(Attackers) Exposed
Ha(Attackers) ExposedEugene Tawiah
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016NowSecure
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 

Tendances (20)

Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with Tacyt
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’ts
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
 
Security and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSecurity and ethical hacking initiative first session
Security and ethical hacking initiative first session
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbookPreparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbook
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
 
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of Things
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber Security
 
Porque Investir em um time de segurança ofensiva?
Porque Investir em um time de segurança ofensiva?Porque Investir em um time de segurança ofensiva?
Porque Investir em um time de segurança ofensiva?
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
 
Hacking Cracking 2008
Hacking Cracking 2008Hacking Cracking 2008
Hacking Cracking 2008
 
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgInformation Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
 
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneBeyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
 
Ha(Attackers) Exposed
Ha(Attackers) ExposedHa(Attackers) Exposed
Ha(Attackers) Exposed
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
 
The IoT Attack Surface
The IoT Attack SurfaceThe IoT Attack Surface
The IoT Attack Surface
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 

En vedette

Information is Power
Information is PowerInformation is Power
Information is Powerzekivazquez
 
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...Introducing the UI Patterns module: use atomic UI components everywhere in Dr...
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...Nuvole
 
Advanced Configuration Management with Config Split et al.
Advanced Configuration Management with Config Split et al.Advanced Configuration Management with Config Split et al.
Advanced Configuration Management with Config Split et al.Nuvole
 
Drupal 8.3.0: the features are ready, are you?
Drupal 8.3.0: the features are ready, are you?Drupal 8.3.0: the features are ready, are you?
Drupal 8.3.0: the features are ready, are you?Gábor Hojtsy
 
Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...
Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...
Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...La Drupalera
 
LienApp™ Introduction
LienApp™ IntroductionLienApp™ Introduction
LienApp™ IntroductionVADAR Systems
 
The truth information, power, upgrades.
The truth information, power, upgrades.The truth information, power, upgrades.
The truth information, power, upgrades.Marie Alcock
 

En vedette (7)

Information is Power
Information is PowerInformation is Power
Information is Power
 
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...Introducing the UI Patterns module: use atomic UI components everywhere in Dr...
Introducing the UI Patterns module: use atomic UI components everywhere in Dr...
 
Advanced Configuration Management with Config Split et al.
Advanced Configuration Management with Config Split et al.Advanced Configuration Management with Config Split et al.
Advanced Configuration Management with Config Split et al.
 
Drupal 8.3.0: the features are ready, are you?
Drupal 8.3.0: the features are ready, are you?Drupal 8.3.0: the features are ready, are you?
Drupal 8.3.0: the features are ready, are you?
 
Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...
Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...
Docker, your best ally to migrate & upgrading your Drupal - Drupal Dev Days S...
 
LienApp™ Introduction
LienApp™ IntroductionLienApp™ Introduction
LienApp™ Introduction
 
The truth information, power, upgrades.
The truth information, power, upgrades.The truth information, power, upgrades.
The truth information, power, upgrades.
 

Similaire à Security for Human Beings

Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Evolving threat landscape
Evolving threat landscapeEvolving threat landscape
Evolving threat landscapeMotiv
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Hacker Proof: Building Secure Software
Hacker Proof: Building Secure SoftwareHacker Proof: Building Secure Software
Hacker Proof: Building Secure SoftwareCesar Cerrudo
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imhoW Fred Seigneur
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant abnmi
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mindsblom
 
Introduction to the ZeroTrust Initiative
Introduction to the ZeroTrust InitiativeIntroduction to the ZeroTrust Initiative
Introduction to the ZeroTrust Initiativepjdzt
 
Protecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsProtecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsBunmi Sowande
 
Peerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter MeetPeerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter MeetAbhinav Mishra
 
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013Nick Galbreath
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...OWASP Kyiv
 
Mobile Day - App (In)security
Mobile Day - App (In)securityMobile Day - App (In)security
Mobile Day - App (In)securitySoftware Guru
 
Thane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentationThane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentationJeff Zahn
 
OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017TecsyntSolutions
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile SecurityLookout
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for ActivistsGreg Stromire
 

Similaire à Security for Human Beings (20)

Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
Evolving threat landscape
Evolving threat landscapeEvolving threat landscape
Evolving threat landscape
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Hacker Proof: Building Secure Software
Hacker Proof: Building Secure SoftwareHacker Proof: Building Secure Software
Hacker Proof: Building Secure Software
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imho
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mind
 
Introduction to the ZeroTrust Initiative
Introduction to the ZeroTrust InitiativeIntroduction to the ZeroTrust Initiative
Introduction to the ZeroTrust Initiative
 
Protecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsProtecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwords
 
Peerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter MeetPeerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter Meet
 
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
 
Mobile Day - App (In)security
Mobile Day - App (In)securityMobile Day - App (In)security
Mobile Day - App (In)security
 
Thane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentationThane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentation
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Apps
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for Activists
 

Plus de zekivazquez

Drupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of VulnerabilitiesDrupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of Vulnerabilitieszekivazquez
 
DrupalCamp Spain 2018: CSI, autopsia de vulnerabilidades
DrupalCamp Spain 2018: CSI, autopsia de vulnerabilidadesDrupalCamp Spain 2018: CSI, autopsia de vulnerabilidades
DrupalCamp Spain 2018: CSI, autopsia de vulnerabilidadeszekivazquez
 
Hacking a sistemas CMS
Hacking a sistemas CMSHacking a sistemas CMS
Hacking a sistemas CMSzekivazquez
 
Hackea tu propia Harley
Hackea tu propia HarleyHackea tu propia Harley
Hackea tu propia Harleyzekivazquez
 
Seguridad para todos
Seguridad para todosSeguridad para todos
Seguridad para todoszekivazquez
 
DrupalCon Barcelona 2015 - Drupal Extreme Scaling
DrupalCon Barcelona 2015 - Drupal Extreme ScalingDrupalCon Barcelona 2015 - Drupal Extreme Scaling
DrupalCon Barcelona 2015 - Drupal Extreme Scalingzekivazquez
 
Hack & Beers - Seguridad en Drupal
Hack & Beers - Seguridad en DrupalHack & Beers - Seguridad en Drupal
Hack & Beers - Seguridad en Drupalzekivazquez
 
Hacking & Hardening Drupal
Hacking & Hardening DrupalHacking & Hardening Drupal
Hacking & Hardening Drupalzekivazquez
 
Drupal Extreme Scaling
Drupal Extreme ScalingDrupal Extreme Scaling
Drupal Extreme Scalingzekivazquez
 
Hacking Drupal - Anatomía de una auditoría de seguridad
Hacking Drupal - Anatomía de una auditoría de seguridadHacking Drupal - Anatomía de una auditoría de seguridad
Hacking Drupal - Anatomía de una auditoría de seguridadzekivazquez
 
Taller Drupal - Jornadas Software Libre UCA
Taller Drupal - Jornadas Software Libre UCATaller Drupal - Jornadas Software Libre UCA
Taller Drupal - Jornadas Software Libre UCAzekivazquez
 
Desarrollo Seguro en Drupal - DrupalCamp Spain 2013
Desarrollo Seguro en Drupal - DrupalCamp Spain 2013Desarrollo Seguro en Drupal - DrupalCamp Spain 2013
Desarrollo Seguro en Drupal - DrupalCamp Spain 2013zekivazquez
 
Betabeers Sevilla - Hacking web con OWASP
Betabeers Sevilla - Hacking web con OWASPBetabeers Sevilla - Hacking web con OWASP
Betabeers Sevilla - Hacking web con OWASPzekivazquez
 
Hacking web con OWASP
Hacking web con OWASPHacking web con OWASP
Hacking web con OWASPzekivazquez
 

Plus de zekivazquez (14)

Drupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of VulnerabilitiesDrupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of Vulnerabilities
 
DrupalCamp Spain 2018: CSI, autopsia de vulnerabilidades
DrupalCamp Spain 2018: CSI, autopsia de vulnerabilidadesDrupalCamp Spain 2018: CSI, autopsia de vulnerabilidades
DrupalCamp Spain 2018: CSI, autopsia de vulnerabilidades
 
Hacking a sistemas CMS
Hacking a sistemas CMSHacking a sistemas CMS
Hacking a sistemas CMS
 
Hackea tu propia Harley
Hackea tu propia HarleyHackea tu propia Harley
Hackea tu propia Harley
 
Seguridad para todos
Seguridad para todosSeguridad para todos
Seguridad para todos
 
DrupalCon Barcelona 2015 - Drupal Extreme Scaling
DrupalCon Barcelona 2015 - Drupal Extreme ScalingDrupalCon Barcelona 2015 - Drupal Extreme Scaling
DrupalCon Barcelona 2015 - Drupal Extreme Scaling
 
Hack & Beers - Seguridad en Drupal
Hack & Beers - Seguridad en DrupalHack & Beers - Seguridad en Drupal
Hack & Beers - Seguridad en Drupal
 
Hacking & Hardening Drupal
Hacking & Hardening DrupalHacking & Hardening Drupal
Hacking & Hardening Drupal
 
Drupal Extreme Scaling
Drupal Extreme ScalingDrupal Extreme Scaling
Drupal Extreme Scaling
 
Hacking Drupal - Anatomía de una auditoría de seguridad
Hacking Drupal - Anatomía de una auditoría de seguridadHacking Drupal - Anatomía de una auditoría de seguridad
Hacking Drupal - Anatomía de una auditoría de seguridad
 
Taller Drupal - Jornadas Software Libre UCA
Taller Drupal - Jornadas Software Libre UCATaller Drupal - Jornadas Software Libre UCA
Taller Drupal - Jornadas Software Libre UCA
 
Desarrollo Seguro en Drupal - DrupalCamp Spain 2013
Desarrollo Seguro en Drupal - DrupalCamp Spain 2013Desarrollo Seguro en Drupal - DrupalCamp Spain 2013
Desarrollo Seguro en Drupal - DrupalCamp Spain 2013
 
Betabeers Sevilla - Hacking web con OWASP
Betabeers Sevilla - Hacking web con OWASPBetabeers Sevilla - Hacking web con OWASP
Betabeers Sevilla - Hacking web con OWASP
 
Hacking web con OWASP
Hacking web con OWASPHacking web con OWASP
Hacking web con OWASP
 

Dernier

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Dernier (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Security for Human Beings