Security Talk at PayPal: Least Privilege Made Easy

Devon Rifkin
Published in intrinsic
May 17, 2018
It takes a lot of people to build modern software

Hi, I’m Devon Rifkin, CTO at Intrinsic. Last month, Christian Almenar (our CEO) and I were very excited to give a security talk at PayPal’s Innovation Lab.

At Intrinsic, our central thesis is that security hasn’t kept up with the way we build modern applications. Our conclusion is that the only way to secure modern applications is to do something drastic: stop trusting code. This is easier said than done, but years later we’ve successfully built what we believe is the future of security. In order to build such an ambitious product, we’ve been greatly informed by academic research (in fact, our other two founders are security professors: David Mazières at Stanford and Deian Stefan at UCSD). What surprises some people is that so much of the research that inspired us is decades old. Sometimes old ideas are just waiting for the right time to be resurrected!

In this talk, I describe some of the problems posed by modern applications and development practices, give some historical context, and explain why everyone should care about something security people are always talking about — the principle of least privilege. I’ll also help you realize that you already have intuition for how to apply this principle in your daily life, and how to use this intuition to make your applications more secure (and how Intrinsic can help you easily apply this principle to your existing applications!).

Do you want to secure your Node.js applications against vulnerabilities and malicious code? Intrinsic splits up your application automatically and lets you apply the principle of least privilege using powerful policies written in a simple JavaScript DSL. Get in touch at hello@intrinsic.com.
