Developers are from Mars, Security guys are from Venus - FeWeb - February 2017

Upload: xavier-mertens

Post on 22-Jan-2018


TRANSCRIPT

Developers are from Mars,

Security guys are from Venus

FeWeb - February 2017

1

2

$ cat ~/whoami.xml
<profile>
  <real_name>Xavier Mertens</real_name>
  <day_job>Freelance Security Guy</day_job>
  <night_job>Hacker, Blogger</night_job>
  <![CDATA[
    www.truesec.be
    blog.rootshell.be
    isc.sans.edu
    www.brucon.org
  ]]>
</profile>

3

$ cat ~/.profile

• I like (your) data

• Playing “Active Defense”

• I prefer t-shirts to ties

• Geek and gadgets over!

4

Agenda

5

… Just one tip!

6

Two Opposite Worlds

“Developers think of ways to make great things”

“Security people think of ways to break things”

7

Two Opposite Worlds

Security guys:

• Implement boring controls
• Make our daily job difficult
• Are paranoiac
• Don't know the business

Developers:

• Just write lines of code
• Don't have a clue about security
• Have short deadlines
• Blindly re-use code

8

Funny Examples

9

Funny Examples

10

Funny Examples

11

Funny Examples

12

Funny Examples

13

Threat Landscape

Fasten your seatbelts…

14

Threat #1

“Why attacking me? My $DATA aren’t relevant”

15

Threat #2

“We are always a weakest point for someone else!”

16

Threat #3

“Did you see that our competitors just launched a new web site with plenty of nice features?”

17

Threat #4

“Do not reinvent the wheel!”

18

Threat #5

“There is an app/module for that!”

19

Threat #6

New gadgets…

• IoT (“Internet of Terror”)
• Sport wristband
• Cars
• Homes
• TV, Fridges, …
• Wireless stuff (RF, BT, BTLE, LORA, …)

20

Threat #7

More and more $DATA…

• Do you need them?
• Safely processed?

21

Threat #8

“P I B K A C”

22

Threat #9

Security Vendors…

23

Threat #10

24

So…

… how to improve security?

25

The famous SDLC

Requirements → Design → Coding → Testing → Deployment

26

Requirements

27

Design

28

Testing

29

Easy as 1, 2, 3

Many tools can be used by script kiddies…

30

Scan All The Things!

31

Win-Win

Developers:

• No dumb job
• Challenging!

Security Guys:

• Reduced costs!
• Time optimisation
• Self-learning

32

Conclusion

“Thinking as a security guy can help you to make things that are (more) difficult to break!”

33

Thank You!

@xme

[email protected]

https://blog.rootshell.be

https://www.truesec.be