Slack App Security: Securing Your Workspaces from a Bot Uprising

Presented at BSidesSF 2019, March 3, 2019, 2:10 p.m. (30 minutes)

Slack's developer platform has some powerful functionality that allows you to customize your org's workflow. But with great power comes great responsibility. While Slack has a robust security posture, do you suffer from insomnia pondering the security aspects of third-party apps? Are coworkers pleading with you to install Slack apps with scopes that frighten you? Join Kelly on a walk through the history of the Slack app directory, the unique security problems surrounding it, and what Slack's doing to make it easier for you and all our users to sleep at night.

Presenters:

• Kelly Ann - Slack
  Kelly Ann is a security engineer on the Product Security team at Slack, where she works on vulnerability assessments of Slack features, as well as educational materials for security best practices  for developers. Before joining Slack, Kelly was a penetration tester at NCC Group, and she was previously an eco-pirate protecting endangered species in Antarctica.

Links:

• https://bsidessf2019.sched.com/event/JddZ/slack-app-security-securing-your-workspaces-from-a-bot-uprising

Similar Presentations:

• LocoMocoSec 2019 / Job Fair
• Wild West Hackin' Fest 2018 / Extracting Data from Slack: Hackers Will, You Should!
• LocoMocoSec 2019 / Bulletproof Shoes