RailsConf 2017: Uncertain Times: Securing Rails Apps and User Data by Krista Nelson

It's what everyone is talking about: cyber security, hacking and the safety of our data. Many of us are anxiously asking what we can do. We can implement security best practices to protect our users' personally identifiable information from harm. We each have the power and duty to be a force for good. Security is a moving target and a full team effort, so whether you are a beginner or a senior-level Rails developer, this talk will cover important measures and resources to make sure your Rails app is as secure as it can be.
Summary
In her talk at RailsConf 2017, Krista Nelson addresses cyber security in modern Rails applications and the imperative of protecting user data in uncertain times. She emphasizes that security is not a one-time effort but a continuous, collaborative process involving everyone in an organization, from developers to leadership.

Key points include:

- **Understanding Risks**: Nelson likens managing security threats to preparing for a backcountry hike: assess the risks, acknowledge your vulnerabilities, and understand the consequences of a breach before you set out.
- **Myths and Misconceptions**: Many believe cyber attacks only target large firms. Nelson cites the figure that 43% of cyber attacks are directed at small businesses, underscoring a widespread gap between awareness of threats and the measures actually taken against them.
- **Critical Statistics**: She also cites the statistic that 60% of small businesses that suffer a cyber attack go out of business within six months. These figures make proactive security measures urgent rather than optional.
- **Inclusive Security Practices**: Nelson advocates a company-wide culture of involvement in security. Everyone, not just a dedicated security team, should be educated about which data is sensitive and how to report an incident.
- **Best Practices**: She urges strong password policies, the use of password managers, and enabling two-factor authentication.
- **Mapping Sensitive Data**: Identifying and securing sensitive information, such as personally identifiable information and health data, is crucial. Nelson advises keeping a strict inventory of where and how sensitive data is stored and shared, including the third-party tools it flows into.
- **Securing the Software Development Lifecycle (SDLC)**: The talk covers building security into every phase of the SDLC: project planning, design, coding, testing, and deployment.
- **Peer Code Reviews**: Nelson stresses that peer reviews catch many vulnerabilities before they ship, and that code should be checked regularly with both static and dynamic analysis to find security flaws.

She concludes that while uncertainty is a constant in cyber security, a routine, committed approach to securing systems is what protects users and companies alike. Her call to action is for attendees to become 'user protection advocates', making the protection of user data a community-wide effort.
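The "Mapping Sensitive Data" point above is easy to agree with and hard to operationalise. The following is an added example, not code from the talk or from Rails itself: a redaction filter for the event payloads a Rails app might hand to a third-party logging or analytics service. It borrows the idea behind Rails's `config.filter_parameters` (filter by key name) and adds two things a bare key list misses: value-pattern matching for PII that leaks through innocuous keys such as a free-text `notes` field, and a findings list that records *where* in the payload sensitive data was found, which is exactly the inventory Nelson asks for. The key names, value patterns, and the `SAMPLE_EVENT` payload are all constructed assumptions for the demonstration.

```ruby
require 'json'

# Key names that are always filtered, whatever the value looks like.
# Illustrative assumption: a real list comes from the app's schema and
# from the fields you know you send to each third-party tool.
SENSITIVE_KEYS = /\A(?:password(?:_confirmation)?|secret|token|api_key|ssn|
                    social_security_number|card_number|cvv|date_of_birth|diagnosis)\z/xi

REDACTED = '[FILTERED]'

# Luhn check so that order numbers and phone numbers are not mistaken for cards.
def luhn_valid?(digits)
  sum = 0
  digits.reverse.each_char.with_index do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?
    d -= 9 if d > 9
    sum += d
  end
  (sum % 10).zero?
end

# Value patterns that catch PII hiding behind harmless key names.
# label => [regex, predicate the match must also satisfy]
VALUE_CHECKS = {
  'ssn'   => [/\b\d{3}-\d{2}-\d{4}\b/, ->(_m) { true }],
  'card'  => [/\b(?:\d[ -]?){12,18}\d\b/, ->(m) { luhn_valid?(m.delete(' -')) }],
  'email' => [/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/, ->(_m) { true }]
}.freeze

# Replace every matching substring; record the JSON-ish path of each hit.
def scrub_string(str, path, findings)
  VALUE_CHECKS.reduce(str) do |acc, (label, (regex, ok))|
    acc.gsub(regex) do |m|
      if ok.call(m)
        findings << "#{path}: value matched #{label}"
        "[FILTERED:#{label}]"
      else
        m # pattern matched but the predicate (e.g. Luhn) rejected it
      end
    end
  end
end

# Returns [redacted_copy, findings]; the input is never mutated.
def redact(obj, path = '$', findings = [])
  result =
    case obj
    when Hash
      obj.each_with_object({}) do |(k, v), out|
        child = "#{path}.#{k}"
        if k.to_s.match?(SENSITIVE_KEYS)
          findings << "#{child}: sensitive key"
          out[k] = REDACTED
        else
          out[k] = redact(v, child, findings).first
        end
      end
    when Array
      obj.each_with_index.map { |e, i| redact(e, "#{path}[#{i}]", findings).first }
    when String
      scrub_string(obj, path, findings)
    else
      obj
    end
  [result, findings]
end

# Constructed sample event, as an app might send to an analytics vendor.
SAMPLE_EVENT = {
  'event' => 'checkout_completed',
  'user' => { 'id' => 42, 'email' => 'ada@example.com',
              'ssn' => '123-45-6789', 'password' => 'hunter2' },
  'payment' => { 'card_number' => '4111 1111 1111 1111', 'last4' => '1111' },
  'notes' => 'Customer read card 4111 1111 1111 1111 and SSN 987-65-4321 ' \
             'over the phone; order 123456789012345',
  'items' => [{ 'sku' => 'ABC-1', 'qty' => 2 }]
}.freeze

if __FILE__ == $PROGRAM_NAME
  redacted, findings = redact(SAMPLE_EVENT)
  puts JSON.pretty_generate(redacted)
  puts 'Findings (this is your data map for this payload):'
  findings.each { |f| puts "  #{f}" }
end
```

Two design choices worth noting. The Luhn predicate is what keeps the card pattern from redacting the 15-digit order number in `notes`, so the filter stays useful to whoever reads the logs; a filter that redacts too aggressively gets switched off. And the findings list is the part to keep, not just the redacted payload: run it over a day's worth of outbound events and you have an evidence-based answer to "which third parties see our PII?", rather than a guess.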