Tapping Hackers for Continuous Security: That's Hacker-Powered Security
TRANSCRIPT
Tapping Hackers for Continuous Security
Michiel Prins
FinDEVr NYC | March 21st, 2017
m@mbp ~ $ whoami
Michiel Prins
Co-founder @ HackerOne
Engineer
Hacker
Hackeroni
Hack·er /ˈhakər/
one who enjoys the intellectual challenge of creatively overcoming limitations
THE WORLD IS CHANGING
Images from Checkmarx
HOW WOULD A HACKER CONTACT YOU?
WHAT IS HACKER POWERED SECURITY?

| Vulnerability Coordination      | Bug Bounty Programs                          |
|---------------------------------|----------------------------------------------|
| Reactive Approach               | Incentivize research with $$$                |
| See Something? Say Something!   | Engineers Learn through Practical Examples   |
| "Welcome Mat"                   | Save $$$ on Pentests                         |
| Compliance (e.g. ISO 29147)     | Cherry on top of the SDLC                    |
We’re Getting Married: Bug Bounty and SDLC
Continuous Delivery + Agile Security
require 'continuous_delivery'
require 'continuous_security'
Analyzing Bug Bounty output
ENGINEERS LEARN WITH HACKTIVITY
A practical example
From HackerOne customer itBit Exchange, as featured on Hacktivity
twitter: @michielprins