SlideShare feed for Slideshows by User: kylerandolph
Tue, 12 Jan 2021 19:17:37 GMT

Delivering Javascript to World+Dog
/slideshow/delivering-javascript-to-worlddog/241247731

Black Hat USA 2017. Video: https://youtu.be/37FDdXCFGX0

You've joined a startup building the next big enterprise unicorn. The product is delivered as JavaScript on all of your customers' websites. What could go wrong? The threat model of serving third-party JavaScript all over the web will be reviewed. There's plenty of room for small engineering mistakes that lead to pwn-once, exploit everywhere fail. Strategies for focusing your SDL on these flaws will be discussed. Next, defenses in key points of the delivery architecture will be explored, from the SaaS platform to CDNs to browsers. Now for the money - what does it take to convince customers to serve your code? It's a big leap of faith for customers to trust you and your arbitrary JavaScript on their site. The deeper their pockets are, the higher they set the bar for you throughout your architecture. What do they expect in your SDL? Finally, how do you sell this in your organization? Going beyond SDL best practices, strategies for building a product & engineering culture of protecting JavaScript delivery will be shared.

Delivering Javascript to World+Dog from Kyle Randolph
Security, Privacy, Compliance and Assurance Mostly Security Engineering