Slack App Security - Securing Your Workspaces From a Bot Uprising
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore the security implications of Slack's developer platform and third-party apps in this BSidesSF 2019 conference talk. Delve into the history of the Slack app directory, unique security challenges, and Slack's efforts to enhance user safety. Learn about the current testing process, manual testing limitations, and potential solutions such as penetration testing, certifications, and compliance vendor reviews. Gain insights into risk ownership, combined risk scores, and strategies for securing workspaces from potential bot uprisings. Discover how to balance the powerful functionality of Slack's customizable workflow with responsible security practices.
Syllabus
Intro
Welcome
What is Slack
App Directory
App Quality
App Directory Comparison
What Makes Slack Different
Risk Ownership
Security Implications
Deep Breath
Current Test Process
Manual Testing
Why isn't this enough
What can we do
Pentesting
Certifications
Hosting Services
Compliance Vendor Review
Bug Money
Combined Risk Score
Aggregate Risk Score
Conclusion
Questions
Taught by
Security BSides San Francisco