Baking in Security: Sweet, Secure Cupcakes
Ken Johnson, Matt Ahrens
OWASP, April 2012
introductions
• Ken Johnson - @cktricky
  • ginger ninja
  • not a hugger
  • shot a shark in the frickin’ face… kidding
• Matt Ahrens - @matt_ahrens
  • background in IR/DF
  • breaking or building a security program
  • loves craft beer and coffee that resembles tar
expectations
• What this talk is about
  • Survival Guide?
  • Our experience thus far
• What it isn’t!
  • We figured it out!!! <~ FALSE
• Live in more than 647 markets around the world
• More than 60 million members worldwide, 25 countries on 6 continents
• 63 million vouchers sold to date
• Diverse offerings include daily deals, escapes, families, adventures, instant, gourmet
• Over 4,900 employees worldwide
Updated January 23, 2012
in the beginning…
where to start
psychology
who to hire
who to hire
apprenticeship
engineer focused
find the fail
appsec goals
alignment
changes
changes
manage communications
time management
professional firefighters
work/life balance
communication
communication
Not. Role. Models.
tools
tools
tools
friendly advice
friendly advice
• Do NOT call someone’s baby ugly!
Have a SOLUTION!
…don’t just say no
compliance is tangible
fail fast
• Failed tests are better than none at all
• Realize a failed test quickly
• Don’t push it to the brink
• Know when to quit, don’t be afraid
incidents
incidents
incidents
incidents
• Define what constitutes “AppSec”
key wins
• Developer security tools
• Strong “Political Security”
• Super smart engineering team
key wins
• Great security team
• Ninja “Ops” Team
• Everyone is HUNGRY to win
prove it
prove it
wishlist
wishlist
Questions?
Thank you, Stay Hungry!