Authors: Marek Siarkowicz
2023-04-19

tldr - powered by Generative AI

The presentation discusses model-based testing for verifying the correctness of distributed systems, using etcd as the worked example. The model starts simple but grows complicated as it has to account for bugs and optimizations in the real system, and the test becomes fragile as the state space grows. The presentation also considers generalizing the approach beyond etcd.
  • Model-based testing suits generic correctness properties and separates validation from execution
  • The model starts simple but grows complicated; bugs and optimizations in the system under test make the test fragile
  • The state space grows exponentially, which is what makes the test fragile
  • The approach can be generalized beyond etcd
  • The test validates the recorded operations against the model and generates a report
  • The presentation includes an anecdote about using failpoints to test etcd and finding a durability issue
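The validation loop the summary describes, as an added Go example that is not code from the talk or from the etcd project: a minimal key-value model (Put/Get/Delete) is replayed against a recorded client history, and the first operation whose recorded response disagrees with the model is reported. The `Crash` entry stands in for a failpoint; the model treats every acknowledged write as durable, so a history in which the store serves an older value after the crash is flagged as a durability violation. The history is sequential here; checking concurrent histories is where the state space blows up. All type and function names (`Op`, `Model`, `Validate`, `GoodHistory`, `LostWriteHistory`) and both histories are constructed for this example.

```go
package main

import "fmt"

// OpKind enumerates a simplified etcd-style key-value API. Crash is a
// constructed failpoint marker: the store restarts after acknowledging the
// previous operation.
type OpKind int

const (
	Put OpKind = iota
	Get
	Delete
	Crash
)

// Op is one entry of a recorded client history: what was requested and what
// the system under test responded.
type Op struct {
	Kind  OpKind
	Key   string
	Value string // Put: value written; Get: value the system returned
	Found bool   // Get: whether the system reported the key as present
}

// Model is the reference state machine: a plain in-memory map. Durability is
// modelled by assuming every acknowledged Put survives a crash.
type Model struct {
	data map[string]string
}

func NewModel() *Model { return &Model{data: map[string]string{}} }

// Step applies one operation to the model and reports whether the recorded
// response is consistent with it. A crash leaves the model unchanged because
// acknowledged writes must be durable.
func (m *Model) Step(op Op) (ok bool, expected string) {
	switch op.Kind {
	case Put:
		m.data[op.Key] = op.Value
		return true, op.Value
	case Delete:
		delete(m.data, op.Key)
		return true, ""
	case Get:
		v, found := m.data[op.Key]
		if found != op.Found || v != op.Value {
			return false, fmt.Sprintf("found=%v value=%q", found, v)
		}
		return true, v
	case Crash:
		return true, ""
	}
	return false, "unknown op"
}

// Report is the result of validating a history against the model.
type Report struct {
	Valid   bool
	Index   int // index of the first divergent operation, -1 if none
	Message string
}

// Validate replays a sequential history through the model and names the first
// operation whose recorded response the model cannot explain.
func Validate(history []Op) Report {
	m := NewModel()
	for i, op := range history {
		if ok, expected := m.Step(op); !ok {
			return Report{false, i, fmt.Sprintf("op %d: got found=%v value=%q, model expects %s",
				i, op.Found, op.Value, expected)}
		}
	}
	return Report{true, -1, "history is consistent with the model"}
}

// Constructed histories. LostWriteHistory mimics a durability bug: the store
// acknowledges Put(k, v2), crashes, and afterwards serves the older value v1.
var (
	GoodHistory = []Op{
		{Kind: Put, Key: "k", Value: "v1"},
		{Kind: Crash},
		{Kind: Get, Key: "k", Value: "v1", Found: true},
		{Kind: Delete, Key: "k"},
		{Kind: Get, Key: "k", Found: false},
	}
	LostWriteHistory = []Op{
		{Kind: Put, Key: "k", Value: "v1"},
		{Kind: Put, Key: "k", Value: "v2"},
		{Kind: Crash},
		{Kind: Get, Key: "k", Value: "v1", Found: true},
	}
)

func main() {
	for _, h := range []struct {
		name string
		ops  []Op
	}{{"good", GoodHistory}, {"lost-write", LostWriteHistory}} {
		r := Validate(h.ops)
		fmt.Printf("%s: valid=%v %s\n", h.name, r.Valid, r.Message)
	}
}
```

Because the model is separate from the workload that produced the history, the same `Validate` can be rerun over histories recorded under different failpoints, and a richer model (revisions, leases, transactions) only changes `Step`, not the replay loop.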
Authors: Jakub Kaluzny
2023-02-16

tldr - powered by Generative AI

The presentation discusses a scalable and autonomous AppSec program that lets engineers own security in a high-growth environment. The program includes establishing principles and metrics, managing and motivating security champions, and using structured Threat Modeling as Code for AppSec innovations.
  • Engineers should own security in a high-growth environment
  • Each pull request should have an associated security review
  • Threat modeling should be done by engineers using a custom tool with automation
  • All deliverables and outputs should be stored in a database
  • Risk assessment should determine which features need a security review
  • Security champions should be introduced to help with reviews
  • Autonomy levels should be introduced for teams and partners
  • Structured Threat Modeling as Code should be used for AppSec innovations
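One shape a structured threat model as code can take, as an added Go example that is not the tool from the talk: an engineer commits a small JSON model of the feature (trust zones and data flows), automation derives findings from it, and a risk score decides whether the pull request is routed to a human security review. The JSON schema, the two rules in `Analyze` (unauthenticated flow across a trust boundary, sensitive data in cleartext), the 1-3 severity scale and the review threshold are all assumptions of this example, as is the sample model.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Flow is one data flow between two components of the feature.
type Flow struct {
	From          string `json:"from"`
	To            string `json:"to"`
	Data          string `json:"data"` // classification: "public", "pii", "credentials"
	Authenticated bool   `json:"authenticated"`
	Encrypted     bool   `json:"encrypted"`
}

// ThreatModel is the structured model committed next to the feature. Zones
// maps each component to its trust zone ("internet", "dmz", "internal").
// The schema is assumed for this example, not the tool described in the talk.
type ThreatModel struct {
	Feature string            `json:"feature"`
	Zones   map[string]string `json:"zones"`
	Flows   []Flow            `json:"flows"`
}

// Finding is one automatically derived threat on a constructed 1-3 severity scale.
type Finding struct {
	Flow     string
	Threat   string
	Severity int
}

// Analyze applies two assumed rules: an unauthenticated flow that crosses a
// trust boundary is a spoofing risk, and sensitive data sent unencrypted is an
// information-disclosure risk.
func Analyze(tm ThreatModel) []Finding {
	var out []Finding
	for _, f := range tm.Flows {
		edge := f.From + "->" + f.To
		if tm.Zones[f.From] != tm.Zones[f.To] && !f.Authenticated {
			out = append(out, Finding{edge, "spoofing: unauthenticated flow across trust boundary", 3})
		}
		if (f.Data == "pii" || f.Data == "credentials") && !f.Encrypted {
			sev := 2
			if f.Data == "credentials" {
				sev = 3
			}
			out = append(out, Finding{edge, "information disclosure: " + f.Data + " in cleartext", sev})
		}
	}
	return out
}

// RiskScore sums severities; NeedsReview routes only features at or above the
// threshold to a human security review (the risk-assessment gate from the talk).
func RiskScore(findings []Finding) int {
	s := 0
	for _, f := range findings {
		s += f.Severity
	}
	return s
}

func NeedsReview(tm ThreatModel, threshold int) (bool, []Finding) {
	findings := Analyze(tm)
	return RiskScore(findings) >= threshold, findings
}

// LoadModel parses the JSON a pull request would carry.
func LoadModel(doc string) (ThreatModel, error) {
	var tm ThreatModel
	err := json.Unmarshal([]byte(doc), &tm)
	return tm, err
}

// Constructed sample: the browser reaches the API over TLS, but the API forwards
// the credentials to a legacy service inside the network in cleartext.
const SampleModel = `{
  "feature": "login",
  "zones": {"browser": "internet", "api": "dmz", "legacy-auth": "internal"},
  "flows": [
    {"from": "browser", "to": "api", "data": "credentials", "authenticated": false, "encrypted": true},
    {"from": "api", "to": "legacy-auth", "data": "credentials", "authenticated": true, "encrypted": false}
  ]
}`

func main() {
	tm, err := LoadModel(SampleModel)
	if err != nil {
		panic(err)
	}
	review, findings := NeedsReview(tm, 3)
	fmt.Printf("feature %q needs security review: %v (score %d)\n", tm.Feature, review, RiskScore(findings))
	for _, f := range findings {
		fmt.Printf("  [%d] %s: %s\n", f.Severity, f.Flow, f.Threat)
	}
}
```

The findings and score are what would be written to the database the summary mentions, so the review decision for every pull request is recorded and auditable; the spoofing finding on the unauthenticated login flow is a deliberate false positive the human reviewer or a security champion triages away.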
Authors: Grant Ongers
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of scaling application security through education and defines application security as product security. It also highlights the ISO/IEC 25010 system and software quality model and the impact of technical debt on quality.
  • Application security is a crucial aspect of cybersecurity that involves building secure software systems.
  • The ISO/IEC 25010 system and software quality model treats security as one of the intrinsic quality characteristics of a product.
  • Technical debt can lead to a drop in non-functional qualities, including security.
  • Scaling application security through education is essential so that developers have the skills to identify and address security issues during code review.
Authors: Vickie Li
2021-09-24

tldr - powered by Generative AI

The presentation discusses the basics of conducting a security code review to find vulnerabilities in an application's source code.
  • Manual code reviews are valuable for finding security issues caused by insecure coding practices
  • Prioritizing what to analyze and using automated tools can speed up the process
  • Combining automated tools with manual code analysis helps ensure fewer bugs make it to production