Security starts with

YOU

Phishing

Spear Phishing

BAITING

OSINT

Pretexting

Before you

SHIP

Assess the

• Periodically re-verify on stale codebase
• Bake it into the package manager

Leverage

• Catch 'em as you type 'em
  
• Bake it into the package manager
  

• Confidentiality
• Integrity
• Availability

• Unauthorized access to information
• e.g a database breach
• e.g emails getting sent to wrong people

Confidentiality

• Property of accuracy and completeness
• e.g tampering with data during transit by unauthorized people

Integrity

• Property of being accessible and usable on demand by an authorized entity.

• e.g denial of service attacks

Availability

Least Privilege Principle

Fun stuff

mitm

SQL Injection

XSS

When you

SHIP

Automate

All the things

Continuous Integration

Continuous Builds

Continuous

Tests

=

+

Secure Team Practices

Secure Team Practices

• Deliberately vulnerable apps
• CTF (Capture the flag) games
• Organize and participation in meetup sessions

Secure Team Practices

vs

Red Team

Blue Team

vs

Secure Team Practices

Establish a

RED TEAM

• Consists of members who act as actual attackers
• Attack blue teams without warning
• No rules applied

Secure Team Practices

Enforce the

BLUE TEAM

• Setup infra to detect red team activity
• Aim to make red team campaigns as ineffective as they possibly can

Secure Team Practices

• Document and replay all Red Team successful attacks on every build

Secure Team Practices

• Bifurcate production traffic and create a break-able replica

Proposals for

Trantor

Proposals for Trantor

Establish a

RED TEAM

Organize CTFs

Proposals for Trantor

Create a bug/vuln bounty program

Proposals for Trantor