Return to the Circus: A Retrospective on Software Security
Security issues seem to be all over the news—if it’s not another leak of millions of people’s personal data, it’s how hackers are subverting elections, company intel, and just maybe critical infrastructure. We’re encouraged to look back and perform retrospectives after delivering products, so how about we look back at the early days of security? Mike Andrews will review his past STAREAST presentations on security to see how they—and the testing techniques prescribed—held up. Through examples of server misconfigurations, SQL injection, and simple logic attacks, we’ll time-travel through application security to find some answers to our modern questions. How and where has the landscape changed? Are the “builders” or the “breakers” winning? What has evolved in the last decade? We’ll look into the current state of security and what we can potentially look forward to in the future. Mike will cover topics from the cloud to containers, mobile apps to machine learning, bounties, and ransoms, and we will discover if we are we living in a brave new world or returning to the circus.
Mike Andrews is the founding head of engineering at Open Raven, a brand-new VC-backed startup helping companies manage data security across their infrastructure. He has spent over 20 years working in academia, large corporations, and startups, blending knowledge as a software engineer and manager (building) and as a security practitioner (breaking). Mike led teams researching one of the first behavior-based antivirus systems, was responsible for ensuring Bing.com protected itself from abuse, designed the core messaging platform for Cortana, and directed multiple site reliability teams across Azure. A frequent author and speaker, Mike’s co-authored book How to Break Web Software: Functional and Security Testing of Web Applications and Web Services was released at the 2006 RSA conference, where it was the conference’s best seller, and a Jolt awards finalist.