developers are from mars, security guys are from venus
Post on 22-Jan-2018
922 Views
Preview:
TRANSCRIPT
2
$ cat ~/whoami.xml<profile> <real_name>Xavier Mertens</real_name> <day_job>Freelance Security Guy</day_job> <night_job>Hacker, Blogger</night_job> <![CDATA[ www.truesec.be blog.rootshell.be isc.sans.edu www.brucon.org ]]></profile>
3
$ cat ~/.profile
• I like (your) data
• Playing “Active Defense”
• I prefer t-shirts than ties
• Geek and gadgets over!
6
Two Opposite Worlds
“Developers think of ways to make great things”
“Security people think of ways to break things”
7
Two Opposite Worlds• Implement boring
controls• Make our daily job
difficult• Are paranoiac• Don’t know the
business
• Just write lines of code• Don’t have a clue
about security• Have short deadlines• Blindly re-use code
16
Threat #3
“Did you see that our competitors just launched anew web site with plenty of nice features?”
19
Threat #6
New gadgets…
• IoT (“Internet of Terror”)• Sport wristband• Cars• Homes• TV, Fridges,• Wireless stuff (RF, BT, BTLE, LORA, …)
31
Win-Win
• No dumb job• Challenging!
• Reduced costs!• Time optimisation• Self-learning
Developers:Security Guys:
32
Conclusion
“Thinking as a security guy can help you to makethings that are (more) difficult to break!”
top related