Tired of “whack-a-mole”, “hope-and-pray” and playing the “is it a risk really?” game with your organization’s Application Security function? Come find out how an npm module called _spartan takes the guess-work out of app-sec through tailored policy generation that evolves at the pace of development.
Getting application security right often requires that developers have a deeper than average understanding of the security domain. In what other industry is this the case? We don’t have to be M.D.s to get a medical diagnosis; we don’t have to be auto mechanics to get our cars fixed, yet we in security wag our fingers at
“iD10t errors” and build grand mousetraps to catch
“so obvious”developer missteps, when they may not know what they need to add, change or remove from their applications to make it “secure” in the first place. Furthermore, patterns to address these issues don’t always fit the requirements of the application short or long term, resulting in solutions that only address part of the problem, or worse, are omitted altogether because they are too cumbersome to implement. My answer to this is _spartan–a public npm module created for developers of node.js applications, not security people. _spartan allows developers to create security policies which address their node app’s (whether it be Desktop, Web, Mobile, IoT or API) specific requirements; it installs & configures the modules to match the policy and; it generates the boilerplate middleware that developers can wire into their applications.
Technical Requirements
- Part of this talk will include a live demonstration in which I build a security policy and do a brief code walkthrough. Attendees that wish to follow along may want to bring a laptop with the latest version of node and npm installed.
- If internet will not be provided by the conference organizers, attendees may wish to bring a source of Internet access, such as a hotspot so they can install _spartan.
- Working knowledge of git && github is helpful, but not necessary to follow along during this talk.