Modern Application Security

  • Has bugs
  • Is never “finished”
  • Is not understood by anyone end to end
  • People are looking for security flaws in your product, right now.

Finding bugs

Bug finding is what makes a security team special.

Fixing bugs

As a security engineer you should be capable of fixing all security bugs yourself. You won't always do this, but be sure to lay out what a clear fix looks like.

Prevent bugs

Software is written by people and people screw up sometimes. Lots of preventing bugs is around shepherding folks towards better code. There are a few ways to do this.

Tooling

Automate everything you can.

Non-technical

The goal is to fix as much insecurity as possible and the methods are not purely technical.

Conclusion

We can’t catch ’em all, but hopefully some of these tactics, tools and ideas will prove useful.

  1. Facebook had 17,000 submissions in 2014. Each one was reviewed by a security engineer. https://www.facebook.com/notes/facebook-bug-bounty/2014-highlights-bounties-get-better-than-ever/1026610350686524
