tapping hackers for continuous security: that's hacker-powered security

Tapping Hackers for Continuous Security Michiel Prins FinDEVr NYC | March 21st, 2017

Upload: hackerone

Post on 13-Apr-2017

67 views

Category:

Internet

8 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

Tapping Hackers for Continuous SecurityMichiel PrinsFinDEVr NYC | March 21st, 2017

Page 2: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

m@mbp ~ $ whoami

Michiel Prins

Co-founder @ HackerOne

Engineer

Hacker

Hackeroni

Hack·er /ˈhakər/

one who enjoys the intellectual challenge of creatively overcoming limitations

Page 4: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

THE WORLD IS CHANGING

Images from Checkmarx

Page 5: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

THE WORLD IS CHANGING

Images from Checkmarx

Page 6: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

HOW WOULD A HACKER CONTACT YOU?

Page 7: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

HOW WOULD A HACKER CONTACT YOU?

Page 8: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

WHAT IS HACKER POWERED SECURITY?

Vulnerability Coordination Bug Bounty Programs

Reactive Approach Incentivize research with $$$

See Something? Say Something! Engineers Learn through Practical Examples

“Welcome Mat” Save $$$ on Pentests

Compliance (e.g. ISO 29147) Cherry on top of the SDLC

Page 9: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

We’re Getting Married: Bug Bounty and SDLC

Page 10: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

Continuous Delivery + Agile Securityrequire 'continuous_delivery'require 'continuous_security'

Page 11: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

Analyzing Bug Bounty output

Page 12: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

ENGINEERS LEARN WITH HACKTIVITY

Page 13: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

A practical example

From HackerOne customer itBit Exchange, as featured on Hacktivity

Page 14: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

Page 15: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

Learn @ Hacktivity

https://hackerone.com/hacktivity

Page 16: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

Page 17: Tapping Hackers for Continuous Security: That's Hacker-Powered Security

Q&[email protected]

twitter: @michielprins

Hackers = Security Experts

HAM FOR HACKERS - DEF CON · PDF fileHandheld radio Cell phone FM ... Ham for hackers ... Keywords: Defcon, DEF CON, Hacker,Security Conference,Presentations,Technology,Phreaking

#1 Leader in Information Security Trainings and Certifications · Trainings and Certifications Franchise Proposal HACKERS ARE NOT BORN, THEY BECOME HACKER Bytecode Cyber Security

IPv6 Security - Hacker Halted 2013

Stop Hackers with Integrated CASB & IDaaS Security

Certified Information Security and Ethical Hacker - … Course Content.pdf · Information Security and Ethical Hacker ... The Certified Information Security and Ethical Hacker exam

Hackers are here. Where are you? · An ethical hacker is a security professional who will use hacking skills and the tools used by the real hackers to try to break into a company's

4G LTE Security - What hackers know?

Apostila Para Hackers Iniciantes > Índice Profº Paulo177.47.242.82/apostilando/download/3381-62133662-apostilapara... · Normalmente um Hacker não assume que é um hacker, mas

CERTIFIED ETHICAL HACKER - koenig-solutions.com · CERTIFIED ETHICAL HACER C E H TM Certified Ethical Hacker C E H TM Certified Ethical Hacker Target Audience Ethical hackers, System

Un Manifeste Hacker - Zenk - Security Manifeste Hacker.pdf · Pour la Liberté... Un Manifeste Hacker Nous sommes les Hackers, les tâcherons de l’abstraction, à la fois les bousilleurs

Mr. M Hacker HACKERS NET

Mexican Hackers Mafia - Revista Sobre Hacker No 1 Celulares Y Demas

IT Security Awareness & Hacker

History Hackers: Victorian Venture...History Hackers: Victorian Venture In the story ‘History Hackers: Victorian Venture’, Tilda and Charlie Hacker travel back in time to the Victorian

Aostila Hacker Para Iniciantes - Mundo Dos Hackers

IT Security Awareness Briefing - NUS Information Technology · 2019. 12. 23. · common targets of hacker attacks. Vulnerabilities, bugs and glitches of software grant hackers remote

Introduction to Ethical Hacking · ethical hackers, job trends in India, advantages and disadvantages of ethical hacking is covered in this paper. Keywords: - Hackers, Ethical Hacker,

Crackers Vs. Hackers. ¿Qué son los HACKERS? Hacker es el neologismo utilizado para referirse a un experto en alguna rama técnica relacionada con la informática:

Hackers, bâtisseurs depuis 1959 - Lautre Net · Les hackers penchent définitivement du premier côté. 3 Sur l’éthique hacker, lire Steven Levy, Hackers, Heroes of the computer

hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

THE 2018 HACKER REPORT - Bug Bounty, Vulnerability …€¦ · · 2018-01-18Targets & Tools ... Hackers Love Researching Websites, ... THE 2018 HACKER REPORT 13 WHAT BEST DESCRIBES

Hackers in the national cyber security

Certified Information Security and Ethical Hacker · Information Security and Ethical Hacker ... The Certified Information Security and Ethical Hacker exam will be conducted ... dorks

Hacker Explains Privilege Escalation: How Hackers Get ... · Hacker Explains Liam Cleary Solution Architect Protiviti Jeff Melnick Systems Engineer Netwrix Corporation. Elevation

Joomla Security Expert Session - Hacker technieken

Bozkurt Hackers - ElevenPaths · Bozkurt Hacker Buba qnb.zip @bozkurthackers @ulkuocaklar1923 @bozkurt_turk_ @bozkurt_1923_

Práctica y motivación en el entorno hacker: un análisis .... anton baron.pdf · aty ko’ã mba’e rehe omba’apovakuéra apytépe. Umi hackers ... Los hackers y el software

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks

Crime Chapter 5. Hacking Hacker Trophy hacking Phone phreaking Cracker White-hat hackers & black-hat hackers Script kiddies Sniffers Social engineering

Postdigital Anthropology: Hacks, Hackers, and the Human ... · of computer hacking. She has written two books on computer hackers, Coding Freedom (2013) and Hacker, Hoaxer, Whistleblower,

Hackers & Painters: Filosofía de la Cultura Hacker

TIPOS DE HACKERS - revistasbolivianas.org.borevistasbolivianas.org.bo/pdf/rits/n8/n8a08.pdf · Este articulo trata sobre los tipos de hackers que pueden existir. Un hacker no es necesariamente

defcon.org · Title: Slide 1 Keywords: Defcon, DEF CON, Hacker,Security Conference,Presentations,Technology,Phreaking,lockpicking,Hackers,Hardware Hacking,Physcial …

Hackers. What Is A Hacker? - A hacker is someone who uses a computer to gain unauthorized access to data - Hackers are most commonly associated with malicious