'I'm a software developer. What do you mean I'm on the blue team?': What we can learn in a red/blue world

Presented at BSides Austin 2016, March 31, 2016, 1:30 p.m. (60 minutes)

It's tempting to think that, as software developers, we've done everything possible to secure our product once we've eliminated (or tried to eliminate) buffer overflows, implemented encryption and adopted a dozen other secure-development practices. But is that all there is to developing secure software? In this talk Aaron discusses software development in the context of red-team/blue-team exercises. He contends that developers are, with few exceptions, always members of the blue team and that this role brings with it obligations and opportunities to improve software security.

Presenters:

  • Aaron Poffenberger
    Aaron Poffenberger, CISSP, has more than 17 years' experience developing commercial software. Aaron has developed security and auditing software for PentaSafe Security Technologies, NetIQ and now BRS Labs, Inc. Aaron has also worked in the field of web services and streaming media, most recently for The Anime Network, where he designed and implemented public-facing APIs for mobile-app access, payment processing and delegated authentication. At BRS Labs Aaron leads development of the API and SDK, server and web UI. Recent presentations and interviews: Texas Linux Fest (slides at GitHub) - FreeNAS - ZFS for Home and Office - BSD for Linux Users; BSD Now -
