swampUP 2019 has ended
Back To Schedule
Tuesday, June 18 • 3:35pm - 4:20pm
Defense in Depth: Trench Warfare Principles for Building Secure Applications

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

It comes as no surprise that any micro-services, any security controls you use to build applications will eventually be broken (or fail). Under certain pressures, some components will fail together.

The question is – how do we build our systems in a way that security incidents won't happen even if some components fail? And data leaks won't occur even if penetration tests are successful?

"Defense in depth" is a security engineering pattern that suggests building an independent set of security controls aimed at mitigating more risks even if the attacker crosses the outer perimeter. During this talk, we will model threats and risks for the modern distributed application, and improve it by building multiple lines of defense. We will overview high-level patterns and exact tools from the security engineering world and explain them to DevOps practitioners and architects. :)

We won't: crack real applications, discuss how insecure JWT tokens are, steal WiFi passwords.

We will: discuss practical security engineering approaches, covering security controls from complex encryption schemes to modern DevOps tools.

avatar for Anastasiia Voitova

Anastasiia Voitova

security engineer, cossack labs
A software engineer with a wide background, I started as a mobile developer. Then I focused on cryptography/applied security, and now I'm building security tools for protecting data during the whole life cycle, not depending on a platform.I maintain open source security libraries... Read More →

Tuesday June 18, 2019 3:35pm - 4:20pm PDT
Seacliff C Hyatt Regency San Francisco (5 Embarcadero Center, San Francisco, CA 94111)