Play all

Intro

Black hat: hacker doing evil White hat: hacker doing good Grey hat: hacker hacking

Why do they do it?

Financial gain Reputation Corporate reasons

What makes you a target?

Popularity Politics & perspective People Pot-luck

What can you do to start reducing risk?

No magic solution

Embed security considerations into the whole project workflow

It is every developers responsibility

The people problem

Limit who has access to what

Where is your data stored?

Who are the third parties you trust with

You can't lose what you don't have

HTTPS all the things

Check your repos for secrets

Check your public sites for secrets

Curiosity "what if..."

Don't trust user input

I'd like to be removed from the mailing list please

Use prepared statements

Don't trust data

Broken access control

Don't trust users input

Broken authentication

Don't re-use passwords

Don't allow your users to re-use passwords

pwned passwords API

Use Multi Factor Authentication

What packages do you trust in your application?

Keep them up-to-date

You have more surface area than you might think

Mistakes will happen

Evaluate who you trust with data Security at all stages of the project Principle of least privilege Encrypt data in transit and at rest Check for public secrets Don't trust users & input Hash passwor…

Always be curious

Description:

Explore the mindset of a hacker in this insightful conference talk from GOTO Berlin 2019. Delve into the world of cybersecurity as Matt Brunt, a Dungeon Master, Code Tinkerer, and Cybersecurity Pro, shares valuable insights on protecting your systems by understanding attack strategies. Learn about different types of hackers, their motivations, and what makes organizations attractive targets. Discover practical steps to reduce security risks, including embedding security considerations throughout project workflows, limiting access, proper data storage practices, and implementing HTTPS. Gain knowledge on avoiding common pitfalls like trusting user input, reusing passwords, and neglecting package updates. Understand the importance of curiosity in identifying vulnerabilities and the principle of least privilege. Cover essential topics such as encryption, password hashing, and the OWASP Top Ten. Leave with a comprehensive understanding of how to think like a hacker to better secure your systems and data. Read more

Think Like a Hacker

GOTO Conferences

Add to list

#Conference Talks #GOTO Conferences #Information Security (InfoSec) #Cybersecurity #Ethical Hacking #Business #Corporate Governance #Risk Management #Computer Science #Cryptography #Encryption #Application Security #Programming #Software Development #Secure Software Development #Data Security #Multi-Factor Authentication

0:00 / 0:00