DEV Community

Cover image for Resources for Talk: Prioritizing Trust while Creating Applications
Jennifer Davis
Jennifer Davis

Posted on • Edited on

Resources for Talk: Prioritizing Trust while Creating Applications

Time and money are generally the resources we focus on when building applications. Yet we can’t buy trust; it builds slowly and can be broken quickly when we don’t factor it in to our development process. In this talk, I examined how to leverage security practices to enable an all-team approach to security to help maintain and build that valuable but intangible resource of trust.

I've given this talk at a few conferences including Create Startup Tour, Toronto, devopsdays Portland, devopsdays London, SRECon EU, and Velocity. Over this time, I've updated the slides and the resources. Here are the up-to-date resources in an easily accessible list. This is by no means an exhaustive list of the quality resources in this space.

You can find the current slides on Speaker Deck. Earlier versions of this talk are here:

Websites

Designing with Security Focus

Testing

Incident Response

Leverage your platform's features and understand limitations

Level up Security Skills

Twitter

These are a few interesting accounts on Twitter of folks that care about security and privacy.

Slack

  • CTF Circle, a CTF distributed team Slack for Nonbinary Folks and Women

What's Next?

I've shared some different practices, technologies, and examples of specific tools that can help you adopt security within each phase of the development lifecycle in my presentation. What do you do next?

  • Identify your team's strengths and weaknesses. How much security is in each part of the development lifecycle.
  • Assess where the biggest value is for you now; for example red teaming your application might not be a great use of people's time if you don't have adequate response processes in play to handle incident.
  • Level up security knowledge across the team. The earlier that security flaws and bugs are discovered in implementation the easier that it will be to repair them. No matter how much prevention you invest in, there will be vulnerabilities discovered after deployment so make sure that your response process is carefully thought out.
  • Incorporate feedback from each phase.
  • Update the threat models you have to reflect the knowledge you gain from the systems in use.

Do you have resources that you'd recommend? Please share below and I'll update this page to include them.

Top comments (0)