Description
RubyConf AU 2015: http://www.rubyconf.org.au It's a battle in the trenches every day working in financial services: keeping our users protected, making sure that hackers aren't breaking in and diverting funds or using our system as a laundering machine. We'll journey through some lesser-known attack vectors hackers can use to break into systems and best practices to both detect and prevent attacks. What are some easy ways to fight these in your app? How do you know if you're safe?
Summary
In the video titled *Securing your App and the History of Guerilla Warfare*, presented by Scott Feinberg at RubyConf AU 2015, the discussion revolves around the challenges of security in financial services and how hackers employ guerrilla tactics to exploit vulnerabilities. Feinberg emphasizes the ongoing battle to protect users from potential threats. Key points covered in the presentation include:

- **Introduction to Guerrilla Warfare**: Feinberg begins by discussing the origins of guerrilla warfare and draws a parallel to modern hacking tactics. He highlights that hackers, like guerrilla fighters, operate in a decentralized manner and often change tactics to evade detection.
- **Historical Context**: Using examples like the Xiongnu and their tactics against the Chinese Empire, Feinberg illustrates how these strategies resemble hacker techniques today: both favour quick raids over holding territory.
- **Patterns of Attack**: He outlines why developers need to understand potential vulnerabilities and encourages thinking like a hacker to identify these weak points.
- **Types of Patterns**: Feinberg categorizes patterns as essential (criteria that must be met for a transaction to proceed) and non-essential (indicators that warrant further investigation but are not definitive on their own).
- **Example of a Password Attack**: He discusses the implications of horizontal password attacks, highlighting the importance of strong password policies and adequate monitoring for unusual login attempts.
- **Data Collection**: The importance of collecting data to track typical user behavior and identify anomalies is stressed repeatedly.
- **Involving the Community**: Feinberg mentions platforms like HackerOne and Bugcrowd, which allow companies to pay ethical hackers for identifying vulnerabilities, thus promoting proactive security measures.
- **Engaging with Security**: Security should not be viewed as a burden but rather as an engaging challenge, similar to the detective work of Sherlock Holmes.

In conclusion, the talk advises developers to be proactive in understanding their applications' vulnerabilities and to approach security not just as a legal obligation but as a critical engagement with their user base. The essential lessons emphasize understanding patterns of behavior, proactive vulnerability testing, and maintaining a continuous dialogue about security within development teams.
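As an added illustration (not code from the talk or its slides), the Ruby script below turns the "Example of a Password Attack" and "Types of Patterns" points into a concrete check: a horizontal password attack tries one password across many accounts, so a source that fails logins for many distinct users inside a short window stands out from a user mistyping their own password. The log format, the sample lines and the thresholds are all constructed for this example; the essential/non-essential split maps to a hard block versus a flag for human review.

```ruby
require 'time'

# Constructed sample auth log (not from the talk). One source tries a password
# across many accounts (the horizontal pattern); another user just mistypes
# their own password twice; a third source sits in between.
SAMPLE_LOG = <<~LOG
  2015-02-05T10:00:01Z login_failed user=alice ip=203.0.113.5
  2015-02-05T10:00:03Z login_failed user=bob ip=203.0.113.5
  2015-02-05T10:00:04Z login_failed user=carol ip=203.0.113.5
  2015-02-05T10:00:06Z login_failed user=dave ip=203.0.113.5
  2015-02-05T10:00:09Z login_failed user=erin ip=203.0.113.5
  2015-02-05T10:00:30Z login_failed user=grace ip=198.51.100.7
  2015-02-05T10:00:41Z login_failed user=grace ip=198.51.100.7
  2015-02-05T10:20:00Z login_failed user=heidi ip=192.0.2.9
  2015-02-05T10:20:05Z login_failed user=ivan ip=192.0.2.9
  2015-02-05T10:20:09Z login_failed user=judy ip=192.0.2.9
  2015-02-05T10:30:00Z login_ok user=judy ip=192.0.2.9
LOG

LINE_RE = /\A(?<ts>\S+) (?<event>login_\w+) user=(?<user>\S+) ip=(?<ip>\S+)\z/

# Parse log text into hashes; lines that do not match the format are skipped.
def parse_log(text)
  text.each_line.map do |line|
    m = LINE_RE.match(line.strip)
    m && { time: Time.iso8601(m[:ts]), event: m[:event], user: m[:user], ip: m[:ip] }
  end.compact
end

# For each source IP, the largest number of distinct accounts that failed to
# log in within any `window`-second span. A vertical attack (one account,
# many passwords) scores 1 here; a horizontal one scores high.
def distinct_failed_users_per_ip(events, window: 300)
  failures = events.select { |e| e[:event] == 'login_failed' }.sort_by { |e| e[:time] }
  failures.group_by { |e| e[:ip] }.transform_values do |evs|
    (0...evs.size).map do |i|
      evs.drop(i).take_while { |e| e[:time] - evs[i][:time] <= window }
                 .map { |e| e[:user] }.uniq.size
    end.max
  end
end

# Essential pattern (must hold for the login to proceed): block the source.
# Non-essential pattern: flag it for a human to investigate. The thresholds
# are assumptions for this example, not figures from the talk.
def classify_sources(events, window: 300, review_at: 3, block_at: 5)
  distinct_failed_users_per_ip(events, window: window).transform_values do |n|
    n >= block_at ? :block : (n >= review_at ? :review : :ok)
  end
end
```

Running `classify_sources(parse_log(SAMPLE_LOG))` marks 203.0.113.5 as `:block`, 192.0.2.9 as `:review` and 198.51.100.7 as `:ok`; in a real app the same per-source counters would feed the monitoring the talk recommends.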