Ugkgvcznwxwcbbm7aoin
SkillsCast

"Defense in Depth": Trench Warfare Principles for Building Secure Distributed Applications

29th May 2019 in London at Business Design Centre

There are 52 other SkillsCasts available from µCon London 2019 - The Conference on Microservices, DDD & Software Architecture

Please log in to watch this conference skillscast.

Https s3.amazonaws.com prod.tracker2 resource 41088130 skillsmatter conference skillscast o9nohu

It comes to no surprise, that any microservices, any security controls you use to build applications – will eventually be broken (or fail). Under certain pressure, some components will fail together.

The question is – how do you build your systems in a way that security incidents won't happen even if some components fail. And the data leaks won't occur even if penetration tests are successful.

"Defense in depth" is a security engineering pattern, that suggests building an independent set of security controls aimed at mitigating more risks even if the attacker crosses the outer perimeter. During the talk, Anastasiia will model threats and risks for the modern web application, and improve it by building multiple lines of defence. She will overview high-level patterns and exact tools from the security engineering world and explain them to the modern web devs ;)

She won't: crack real applications, discuss how insecure JWT tokens are, steal WiFi passwords

She will: discuss practical security engineering approaches, cover security controls from complex encryption schemes to modern DevOps tools

YOU MAY ALSO LIKE:

Thanks to our sponsors

"Defense in Depth": Trench Warfare Principles for Building Secure Distributed Applications

Anastasiia Voitova

Anastasiia is a Product Engineer at Cossack Labs.

SkillsCast

Please log in to watch this conference skillscast.

Https s3.amazonaws.com prod.tracker2 resource 41088130 skillsmatter conference skillscast o9nohu

It comes to no surprise, that any microservices, any security controls you use to build applications – will eventually be broken (or fail). Under certain pressure, some components will fail together.

The question is – how do you build your systems in a way that security incidents won't happen even if some components fail. And the data leaks won't occur even if penetration tests are successful.

"Defense in depth" is a security engineering pattern, that suggests building an independent set of security controls aimed at mitigating more risks even if the attacker crosses the outer perimeter. During the talk, Anastasiia will model threats and risks for the modern web application, and improve it by building multiple lines of defence. She will overview high-level patterns and exact tools from the security engineering world and explain them to the modern web devs ;)

She won't: crack real applications, discuss how insecure JWT tokens are, steal WiFi passwords

She will: discuss practical security engineering approaches, cover security controls from complex encryption schemes to modern DevOps tools

YOU MAY ALSO LIKE:

Thanks to our sponsors

About the Speaker

"Defense in Depth": Trench Warfare Principles for Building Secure Distributed Applications

Anastasiia Voitova

Anastasiia is a Product Engineer at Cossack Labs.

Photos