Chaim Peer, CEO

TEL AVIV, ISRAEL, Aug/ / - We're excited to announce that Jim Manico has joined BLST Security as an API Security and Business Logic adviser, and we couldn't be happier to share this news with you.

Jim is a well-respected figure in the security industry, and he brings a wealth of experience to BLST Security. Jim Manico is the founder of Manicode Security, a company that provides training and consulting services on secure coding and security engineering. He is also a volunteer for the OWASP Foundation, where he helps to promote secure coding practices and educate developers about the latest security threats.

With the "Shift Left" approach in mind, BLST is already well known for its ability to provide companies of any size with unparalleled visibility into the operation of their whole API service mesh. By adding BLST Security's API and business logic security solutions to the SDLC CI/CD pipeline in a seamless way, it is now possible to understand the whole API endpoint mesh and make it safer. With Jim on board, BLST will provide AppSec teams and tech leads with a more comprehensive knowledge of their API security, as well as greater insight into the overall big picture of their multi-step API mesh. This is an enormous victory.

When you find yourself on a business trip and forget the code to your corporate AmEx, you know you haven't been on the road for a while. This is why I found myself making a frantic search through my online files while trying to check in at the hotel for the awesome NDC Security conference in Oslo: I hadn't been to a conference since Cisco Live in Barcelona in 2020. NDC Security was a great way to get myself back into conference configuration. I also had a great time giving two talks myself.

Keynote: An Abridged History of Application Security

Before I gave my talks, I sat in on the conference keynote from rockstar security educator and author Jim Manico. He took us through a rapid history of application security, from before the Second World War to the present day. He wove security testing, HTTP/S, passwords, OWASP and XSS through his intertwined and fascinating timeline. For me there were two big takeaways.

First takeaway: Polish researchers laid the groundwork for the British cracking of Enigma. Prior to WWII, in the Russo-Polish war of 1920, Polish cryptography skills were instrumental in saving Warsaw: the Poles were able to decode a telegram from Red Army military commander Joseph Stalin which indicated that an attack on Warsaw was imminent. They were also able to jam the Russians' radio communications, and by doing so bought enough time to secure and save the city. The groundwork laid by Polish mathematicians paved the way for Alan Turing, who famously cracked Enigma. In my opinion these events were the beginning of cyber security warfare – a game of cat and mouse that reaches far back into the history of computing.

Second takeaway: Being a jerk on Twitter can make the world a safer place. Jim Manico likes to be a jerk on Twitter from time to time. Content Security Policy (CSP) is a response header that developers can use to lock down their applications in various ways, mitigating the risk of content injection vulnerabilities such as cross-site scripting and reducing the privilege with which their applications execute. He walked through a couple of example Twitter threads in which he pointed out certain flaws, like the lack of CSP3 support in Apple's native browser, Safari. When Manico called out a flaw in public, other industry experts responded in the thread, which ultimately led to Apple implementing CSP3 in WebKit for Safari 15.4. According to Jim, this proves how being a jerk can sometimes help make things better!

One of the most useful sessions I attended was Per Thorsheim's session on creating better passwords – both the passwords you create for yourself and how to make password creation easier in your applications. For example, he argued that you should make passwords out of sentences, since they are both easier to remember and longer than single words or codes. He did emphasize that you should have a different password sentence for each service. To remember all of these, Per advised either using a digital password manager or writing passwords down in a notebook stored somewhere safe in the house – especially for the elderly. A password manager is better, but Per believes the risk of notebook theft is low enough. He also mentioned that it makes no sense to periodically change your password unless there is an indication that your password has been compromised and stolen.