The Inaugural Blacks in Technology Conference, instantly tagged as BITCON2018, is a 3-day interactive platform for professionals, entrepreneurs, influencers, subject matter experts, students, and thought leaders who share a common goal... increasing the visibility and representation of black men and women in the tech industry.  As we seek to further our mission of establishing a practice of world class excellence, BIT has crafted a stimulating and engaging program that intertwines and encompasses the Twin Cities educational, business, political and tech communities. Utilizing forums such as tech exhibits, career fairs, pitch competitions, networking parties, city innovation tours, lightning talks, and panel discussions, BIT invites you to redefine your career in tech…
Friday, October 12 • 1:45pm - 2:45pm
One Size Fits *Me* => Building Secure-By-Default Nodejs Applications


Tired of “whack-a-mole”, “hope-and-pray” and playing the “is it a risk really?” game with your organization’s Application Security function? Come find out how an npm module called _spartan takes the guess-work out of app-sec through tailored policy generation that evolves at the pace of development.

Getting application security right often requires that developers have a deeper-than-average understanding of the security domain. In what other industry is this the case? We don’t have to be M.D.s to get a medical diagnosis; we don’t have to be auto mechanics to get our cars fixed, yet we in security wag our fingers at “iD10t errors” and build grand mousetraps to catch “so obvious” developer missteps, when they may not know what they need to add, change or remove from their applications to make them “secure” in the first place. Furthermore, patterns to address these issues don’t always fit the requirements of the application short or long term, resulting in solutions that only address part of the problem, or worse, are omitted altogether because they are too cumbersome to implement. My answer to this is _spartan, a public npm module created for developers of node.js applications, not security people. _spartan allows developers to create security policies which address their node app’s (whether it be Desktop, Web, Mobile, IoT or API) specific requirements; it installs & configures the modules to match the policy; and it generates the boilerplate middleware that developers can wire into their applications.

Technical Requirements
  • Part of this talk will include a live demonstration in which I build a security policy and do a brief code walkthrough. Attendees that wish to follow along may want to bring a laptop with the latest version of node and npm installed.
    • If internet will not be provided by the conference organizers, attendees may wish to bring a source of Internet access, such as a hotspot so they can install _spartan.
  • Working knowledge of git && github is helpful, but not necessary to follow along during this talk.


Yolonda Smith

Lead Infosec Analyst, BISO-Digital/Marketing, Target Corporation
Yolonda Smith (aka ‘Dark Msph1t’) is a Lead Infosec Analyst with Target Corporation’s Business Information Security Office (BISO) serving the Digital portfolio. In this role, she provides security consultancy to developers, product owners and key stakeholders to ensure that Target’s...

Friday October 12, 2018 1:45pm - 2:45pm CDT
Intercontinental Hotel - Governors Room 4 11 E Kellogg Blvd, St Paul, MN 55101