Overview
Syllabus
Intro
How is technology changing
Cost of the attack
Near instantaneous deployment
Waterfall model
Etsy
Waterfall
Feature Flags
Security vs Control
The system isn't dangerous
It doesn't matter
Deployment time
Old methodology
What makes it safe
Invisibility instrumentation
Security insight
The big lesson
The key
Binary events
The two worlds
The shift around
Function by removing blockers
We are the blocker
Mindset shift
Being a jerk
Making realistic tradeoffs
The security chart moment
How easy it is to exploit
Random culture
Reward behavior
Bad days
Don't be a jerk
Reward good behaviour
National responses
How to scale
Access control in startups
Pressure from different points
Whether it's regulatory compliance
You can take away access but
This is a hard step
The key lesson learned
Destroy your credibility
Magic
Central Locking
End State
Budget Concerns
Above Bounty
Cost of Discovery
Metrics
Mark
Quality and Credit
Pen Testing
Vulnerability Enumeration
Pentest
Feedback Loop
Goal-Oriented
Scope
Realistic
Logistical
Data
Why
Behaviors Patterns
Attack Profile
Life Against Death
Taught by
OWASP Foundation