Explore startup security strategies in this 47-minute LASCON conference talk. Learn how to integrate security measures without impeding progress or increasing developer workload. Discover open-source tools and automated processes for dependency, code, and infrastructure security. Gain insights into building security into the pipeline, approaching new technologies, and implementing proactive controls. Examine application and host security challenges, various technologies and languages, and security tools like CI pipeline, linting, fuzzing, and password hashing. Understand how to conduct security reviews, choose dependencies, and automate vulnerability checks. Dive into Amazon EC2 security best practices, including console access, policy conditions, and jumpboxes. Explore network structure, AWS alerts, logs, and infrastructure management using Packer, JSON, and Terraform. Learn about managing secrets and leveraging AWS Parameter Store for code deployment.
Overview
Syllabus
Intro
What is Startup Security
The Problem with Security
Meet the Team
What is Exfil
Challenges
Application Security
Host Security
Technologies
Languages
Security Challenges
Security Tools
CI Pipeline
linting downsides
fuzzing
password hashing
fuzz
Security reviews
Choosing dependencies
Automating dependencies
Express vulnerability
Amazon EC2
Things to do right away
Amazon Checklist
Console Axis
Policy Conditions
Jumpboxes
Duo PAM
Network Structure
AWS Alerts
Logs
Infrastructure
Packer
JSON
Security Groups
Terraform
Managing Secrets
Code Ship
Parameter Store
Next Steps
Taught by
LASCON
