Upload File

bug bounties and devops security

8
Bug Bounties & DevOps Security www.crowdcurity.com

Upload: crowdcurity

Post on 18-Nov-2014

304 views

Category:

Technology


0 download

Report

DESCRIPTION

A short slideshare on how bug bounty programs can bring continuous security testing to a DevOps environment.

TRANSCRIPT

Page 1: Bug Bounties and DevOps Security

Bug Bounties &

DevOps Security

www.crowdcurity.com

Page 2: Bug Bounties and DevOps Security

CrowdCurity

”If you are always pushing new code aren’t you

potentially introducing new vulnerabilities?”

Page 3: Bug Bounties and DevOps Security

CrowdCurity

YES

Page 4: Bug Bounties and DevOps Security

CrowdCurity

But security and DevOps can work together!

Nick  Galbreath  (former  Etsy)  Integra9ng  Informa9on  Security  Into  DevOps      James  D.  Brown  Mythbus9ng:  DevOps  and  Security    

Page 5: Bug Bounties and DevOps Security

CrowdCurity

Bug Bounty?

Bug Bounty Program

$  -­‐  Rewards  

Bug  Reports  

Security testers Online Business

Open invite to security testers from around the world

Page 6: Bug Bounties and DevOps Security

Benefits of a Bug Bounty Program

Mirrors the threat Cost-effective Scaleable

CrowdCurity

…and it can provide continuous security testing for DevOps

Page 7: Bug Bounties and DevOps Security

CrowdCurity

The big brands already do it

Page 8: Bug Bounties and DevOps Security

www.crowdcurity.com


Bug Bounties; Working Towards a Fairer and Safer …...2 3 Bug Bounties; Working Towards a Fairer and Safer Marketplace In contrast, one expert said that the majority of bug bounty

Lecture 1 - Course Overview, Design as Choicetlatoza/teaching/swe621f18/lecture1.pdfWork more distributed, through crowdsourcing, hackathaons, bug bounties ... Liveness of results

7.4. Show impact [bug bounties]

Bug Eat Bug World

Public Interest Disclosure and Bounties - Working Copy Presentation on 06092014

Devops Devops Devops

Associating Partners in Allah's Bounties

Minnesota Bounties On Dakota Men During The U.S.-Dakota War

God promiseth you forgiveness and bounties and God …jamiat.org.za/wp-content/uploads/2013/10/Some-Pearls-of-Wisdom.pdf · God promiseth you forgiveness and bounties and God careth

Bugs Entomology CDE. Order- Hemiptera Assassin bug Bed Bug Boxelder bug Brown stink bug Chinch bug Damsel bug Giant water bug Green stink bug Harlequin

Bug Bounties With Bash - TomNomNom.com · 2019-01-25 · Enumerate subdomains Check for dangling CNAMEs Request all the pages Look for things in the results Maybe then I’ll take

Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter

Design Bounties: Adventures in Recruiting New Free Software Ninjas

The Good Earth: And all the bounties of teaching it

Stink Bug. Minute Pirate Bug Big Eyed Bug Damsel Bug

0days, Exploits and Bug bounties - Pwn2Own · Aug 2014 –Sept 2015, chasing the bounties •Getting ready for big bounties •Dealing with last minute mitigations •Why you do absolutely

The Economics of Security Research, Bug Bounties, … › hitbsecconf2010ams › materials...The economics of security bug finding and fixing are broken Chasm between awareness and

Enter the Hydra: Toward Principled Bug Bounties and ... · Some (in)famous smart contracts •The DAO (June 2016) •Reentrancy bug ⇒$50+ million stolen •Parity multisig hack

Guild bounties

Bug Bounties With Bash - tomnomnom.com · uniq - remove duplicate lines from stdin xargs - run a command using each line from stdin as an argument tee - copy stdin to a file and to

Bug Bounties: Where are we? - usna. Web viewNot a big investment: Google ... word processing. Tasking ... tighten-up the seaworthiness of our proverbial security vessel so that larger

EXTERMINATION OE NOXIOUS ANIMALS BY BOUNTIES

New special bounties programs in amazon

Bitcoin Crypto{Bounties for Quantum Capable …Bitcoin Crypto{Bounties for Quantum Capable Adversaries Dragos I. Ilie 1, Kostis Karantias2, and William J. Knottenbelt 1 Centre for

Bounties as Inducements to Identify Cartels · Bounties as Inducements to Identify Cartels by William E. Kovacic1 I. Introduction 1 Commissioner, U.S. Federal Tr ade Commission. The

Automated Program Repairweb.eecs.umich.edu/~weimerw/481/lectures/se-24-repair.pdf8 Bug Bounties If you trust your triage and code review processes, anyone can submit a candidate bug

Insect-damaged wheat: suni bug, cereal bug, sunn pest, wheat bug, shield bug, shell bug

DRAWING ESSENCE FROM The Bounties of Nature

Cyber PREVENT; #CyberChoices...Bug Bounties Virtual Machines Build your own network and hack to your heart’s content –e.g. VirtualBox, ‘Hack me’ sites There are dozens –search

SLC Open Source Bounties!

Cyber Security 2017 - Swisscom...Cyber Security 2017: Data Breaches & Bug Bounties Auteur: Swisscom Security Ce rapport a été réalisé dans le cadre d’un partenariat étroit de

HOW HACKERS SPEND THEIR BOUNTIES · Google, and Facebook have “bounty match” promotions, matching any bounties earned that hackers in turn donate to a cause. ... @TRY_TO_HACK

EU-FOSSA 2 · 2019-10-28 · Fix already known bugs Hackathons Bug bounty programs Communication campaign. Bug bounties Critical bug hidden for 20 years in PuTTy found and fixed •

Cyber Security 2017 - Swisscom · Cyber Security 2017: Data breaches & bug bounties Author: Swisscom Security This report was compiled through close collaboration between Swisscom

Crypto Night at CSUS - Bug Bounties