Learn, hack!

URL

https://media.blackhat.com/us-12/video/us-12-Mortman-The-Defense-RESTs-Automation-and-APIs-for-Improving-Security.mp4

File name

us-12-Mortman-The-Defense-RESTs-Automation-and-APIs-for-Improving-Security.mp4

File size

100.6 MB

MD5

8f0d95c45c5862f13a9881a987eff2e1

SHA1

39618038998387b805d9446d506b8afcfb4e390d

Want to get better at security? Improve your ops and improve your dev. Most of the security tools you need aren't from security vendors, they don't even need to be commercial. You need tools like chef & puppet, jenkins, logstash + elasticsearch & splunk or even hadoop to name but a few. The key is to centralize management, automate and test. Testing is especially key, like Jeremiah says "Hack Yourself First". So many vulnerabilities can be detected automatically. Let the machines do that work and find the basic XSS, CSRF and SQLi flaws, not to mention buffer overflows, Save the manual effort for the more complex versions of the above attacks and for business logic flaws. This is one of those spaces that dedicated security tools are a must. Leverage APIs (and protect API endpoints), be evidence driven. Counter intuitively, deploy more often, with smaller change sets. Prepare for fail and fail fast but recover faster. Not just theory, will include real examples with real code including open protocols like netconf and open source software like dasein-cloud. There will be no discussion of APT, DevOps vs NoOps, BYOD or Cloud Security concerns, there will however be baked goods.