Lessons in Securing Internal Apps - AppSecCali 2019

Explore strategies for securing internal applications in this 44-minute conference talk from AppSecCali 2019. Learn how to tackle the unique challenges of locking down sensitive internal tools, dashboards, and control panels across diverse technical stacks. Discover a scalable approach to internal application security, including establishing a useful mental model, implementing authentication and authorization basics, deploying Content Security Policy, leveraging SameSite cookies for entry point regulation, utilizing Web Application Firewalls for detection and response, and using internal apps to train new security engineers. Gain insights from both successful and unsuccessful approaches as Hongyi Hu, Security Engineer at Dropbox, shares valuable lessons and humorous anecdotes from his experience leading the Application Security team.