#88 Aaron Bedra, Threat Modelling
Aaron Bedra talks to me about threat modelling, why you should do it and what to cover.
Who he is, what he does. What is threat modelling and how he approaches it. Types of security, loss of money, loss of life. Should you secure something if it is not valuable? Are we in a post-security world? How often your site is attacked. How to decide what to protect. Regulations and breaches. How to protect your system, watch for outgoing data. How to build secure software from the start (it starts with a hug from Aaron!). Hashed passwords are not as secure as you think. Encryption and input validation. How to check third-party libraries. Better software practices lead to better security. How much security is enough, “if you are investing more than you could lose, you’re doing it wrong”.
- #107 Niall Merrigan, Hacking, Bug Bounties and Responsible Disclosure
- #126 Elissa Shevinsky, Faster Than Light Static Code Analysis
- #115 Scott Helme, Fighting Cross-Site Scripting with Content Security Policy and Subresource Integrity
- #114 Kee Jeffreys, Loki Privacy Network
- #48 Peter Waegemann, Security in the Medical Industry