JSConf 2013 Builders vs Breakers

Builders vs Breakers

Saturday, June 1, 13

Hi, I’m Adam

Hi, I’m Adam (@adam_baldwin, @liftsecurity, @nodesecurity)

Hi, I’m Adam (@evilpacket)

Builders Breakers

“Fix your captcha so the value isn't actually hidden in the form. (put it in the session and check the post) Friend of the fritz..”

-Adam

“you guys”

Basecamp Classic

“xss is not a feature”

Feelings?

Cooperation

Communication

When we listen, really listen, we reveal respect, support, understanding, empathy... We also possess the power to impart a renewed confidence, clarity, and a sense of everything-is-going-to-be-okay when we listen well.

- Stephanie Maier

http://thepot-luck.com/stephaniemaier/all-you-have-to-do-is-listen/

Basecamp Classic

http://37signals.com/security-response

So what can I do as a developer?

SECURITY.md

- How to report an issue
- Expectations
- List of humans

http://emberjs.com/security/

Self Disclosure of Vulnerabilities

Handling a security failure well can build trust.

A new project based on what we’ve learned about builders vs breakers

Node Security Project

andbang.com

Node Security Project?

- Adam Brault
- Nathan LaFreniere
- Bear
- Mikeal Rogers
- Daniel Shaw

Major Contributors

- Neal Poole
- Luca Carettoni
- Steven Rivas Jr
- Arlo Breault
- Jacopo Tarantino

Audit every module

31233 modules

Fix the broken things

Report issues we find

Send Pull Requests

Example: Hubot

Publish the results

How to Contribute

nodesecurity.io

Quick Recap

- Respect & understand feelings
- Proactively communicate & listen
- It’s okay to mess up—it can even build trust

</PRESENTATION>

@adam_baldwin | @LiftSecurity
