Polish to make flow a bit better, in Appsec #20

Merged
merged 1 commit into from
Nov 12, 2023
36 changes: 17 additions & 19 deletions content/security/appsec/slides.md
Expand Up @@ -20,24 +20,20 @@ Security is about your **residual risks**, not what you have prevented.

---

## Index
## Overview

<pba-flex center>

1. ### Securing SDLC
- The Big Picture of AppSec
- Components of AppSec
- Shifting Left
2. ### Known Attack Surfaces & Vectors
- Known Rust Vulnerabilities
- Known Substrate Vulnerabilities
- Known ink! Vulnerabilities
1. [Securing SDLC](#securing-sdlc)
1. [Appsec Design Principles](#appsec-design-principles)
1. [Components of AppSec](#components-of-appsec)
1. [Known Attack Surfaces and Vectors](#known-attack-surfaces-and-vectors)

</pba-flex>

---

# 1. Securing SDLC
# Securing SDLC

---

Expand All @@ -49,7 +45,7 @@ We will visit this picture multiple times.

---

## Security Enforced Through Controls.
## Security Enforced Through Controls

Controls must be:

Expand Down Expand Up @@ -98,11 +94,13 @@ The likelihood of a threat exploiting a vulnerability and thereby causing damage

---

# A brief look at design principles
# Appsec Design Principles

_In Brief_

---

## Good enough security
## Good Enough Security

Don’t spend $10.000 on a safe to protect a $20 bill
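Review bot: The heading "Appsec Design Principles" uses a different capitalization from "Components of AppSec" elsewhere in this file (and from the PR title's "Appsec"); pick one spelling, preferably "AppSec Design Principles", since the generated slug `#appsec-design-principles` is unaffected either way. While polishing this slide, the unchanged line "Don’t spend $10.000 on a safe to protect a $20 bill" reads as ten dollars to an English-speaking audience; "$10,000" makes the point land.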

Expand Down Expand Up @@ -206,7 +204,7 @@ If SPoF fails, means the entire system fails

---

# Securing a software is very simple(!)
## Securing Software is Very Simple(!?)

---
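Review bot: The retitled heading "Securing Software is Very Simple(!?)" mixes conventions: the other words are title-cased but "is" is not, and "(!?)" is an unusual way to flag sarcasm on a slide title. Suggest "Securing Software Is Very Simple (!)" or simply keeping the original "(!)", applied consistently with the matching "Security Controls are Easy" heading below.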

Expand All @@ -223,7 +221,7 @@ If SPoF fails, means the entire system fails

---

# Security Controls are easy(!)
## Security Controls are Easy(!?)

---
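Review bot: Same title-case inconsistency as the previous heading: "Security Controls are Easy(!?)" should read "Security Controls Are Easy (!)" (or "(!)" as before) so the two sibling headings match each other and the rest of the deck's Title Case.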

Expand All @@ -242,7 +240,7 @@ If SPoF fails, means the entire system fails

---

Deterrent
### Deterrent

<img rounded style="height: 600px" src="./img/deterrent.png" />
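Review bot: The `<img rounded style="height: 600px" src="./img/deterrent.png" />` tag has no `alt` attribute, so the Deterrent slide carries no text for screen readers or for the case where the image fails to load; since this hunk already touches the heading, add something like `alt="Example of a deterrent security control"`. Promoting "Deterrent" to `###` is fine given the `##` section it sits under.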

Expand Down Expand Up @@ -296,7 +294,7 @@ Deterrent

---

## Components of AppSec
# Components of AppSec

---

Expand Down Expand Up @@ -346,7 +344,7 @@ There will be blood (**risk**), you need to manage the blood. But how?

---

# Vulnerability Disclosure Program vs Bug Bounty
## Vulnerability Disclosure Program vs Bug Bounty

---

Expand All @@ -356,7 +354,7 @@ There will be blood (**risk**), you need to manage the blood. But how?

---

## Known Attack Surfaces & Vectors
# Known Attack Surfaces and Vectors

---
