How to reduce attack surface when using third-party libraries

Katy Anton (30.Sep.2017 at 14:00, 50 min)
Talk at PHP North West 2017 (English - UK)

Rating: 4 of 5

Half of all exploitations take place between 10 and 100 days after a vulnerability is published in a library. Attacks come fast, and exploits are automated. In this world, timely updating of third-party software components is of vital importance. Incorrect implementation of these libraries makes them difficult to update and maintain, increasing the risk of being breached via vulnerable components. This is the current state of software, where a large number of applications have vulnerable components. Starting from real-world examples, Katy Anton will explore the software design patterns to use when including third-party components and will discuss how these patterns can reduce the attack surface and improve the overall security of the software. Developers and architects alike will benefit from case studies outlining how this approach improves security in the world.


Comments

Rating: 2 of 5

30.Sep.2017 at 14:46 by Jeffrey (29 comments) via Web2 LIVE

The presentation was on the short side (20-25 min). Tips for improvement, show some tooling and/or examples of the design principles how we (as developers) can improve our applications. After all, there was enough time. In addition, I was very curious about numbers, how often do these specific attacks occur?

Rating: 5 of 5

30.Sep.2017 at 16:16 by Daniel McCarrick (1 comments) via Web2 LIVE

Very informative and will help a lot.

Rating: 5 of 5

30.Sep.2017 at 16:20 by Parviz Ahmadi (1 comments) via Web2 LIVE

Very informative and surely helps our project.

Rating: 3 of 5

30.Sep.2017 at 16:31 by Rowan Merewood (130 comments) via Web2 LIVE

Presented a useful framework, but could have used the full time to go into more detail and practical examples.

Rating: 5 of 5

30.Sep.2017 at 16:49 by Anonymous

Great talk that started from the software design pattern and introduced the security design principles.

Rating: 5 of 5

30.Sep.2017 at 16:53 by Matthew (1 comments) via Web2 LIVE

Great talk highlighting three key security approaches often missed when using third party libraries and APIs. Something every developer should consider!

Well delivered and followed with inspiring answers to questions raised hopefully making all attendees think about this when they go back on Monday. I know I will be.

Looking forward to future follow up talks on the subject!

Rating: 3 of 5

30.Sep.2017 at 17:52 by Ben Longden (44 comments) via Web2 LIVE

Useful, agree with most comments so far. More info on tooling and examples of why make use of the patterns (Instead of that we should). Definitely worth hearing.

Rating: 5 of 5

30.Sep.2017 at 21:44 by Tom Williamson (3 comments) via Web2 LIVE

Good overview of security issues, but now I want to find some exploits...

Rating: 4 of 5

30.Sep.2017 at 22:49 by Adam Campbell-Smith (7 comments) via Web2 LIVE

Great content but agree with other comments that the pace could have been better.

Rating: 4 of 5

01.Oct.2017 at 16:25 by Chris Emerson (40 comments) via Web2 LIVE

Some great tips and techniques for managing security of 3rd party code in your projects - took away some useful tips to apply.

Rating: 2 of 5

01.Oct.2017 at 21:16 by Mark Railton (56 comments) via Web2 LIVE

The talk felt like something was missing, I don't feel that we were actually effectively equipped to mitigate possible security issues effectively.
