Insecurity in Information Technology - USENIX Enigma Edition
TRANSCRIPT
Insecurity in Information Technology
Tanya [email protected]
OWASP Ottawa Chapter Leader
OWASP DevSlop Project Leader
@SheHacksPurple
All of this creates the feeling of insecurity about people’s jobs and how to do them well.
This leads to predictably negative behaviour.
Deviant Behaviour
Moral Disengagement
Reduced Job Involvement
Risk Taking Behaviour
Reduction of Organizational Citizenship Behavior
(positive workplace activity and involvement)
All of this negative behavior leads to insecure software.
The Plan:
1. Support dev and sec team with processes, training, and resources so they can confidently get the job done.
2. Initiate and then maintain culture change.
Start Security Earlier!
Requirements → Design → Code → Testing → Release
Push Left!
Break security testing into smaller pieces
Job Shadowing
2. Give Developers Security Tools!
OWASP: Your new BFF!!!
The Open Web Application Security Project
In Summary:
1. Support dev and sec team with processes, training, and resources so they can confidently get the job done.
2. Initiate and then maintain culture change.
Any Questions?
OWASP Ottawa Chapter Leader
OWASP DevSlop Project Leader
@SheHacksPurple
Tanya [email protected]