ProdSec - A Technical Approach

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses
Risk Management Courses
Dynamic Analysis Courses
Static Analysis Courses
Fuzzing Courses

Course Description

Overview

Explore product security strategies in this Hack In The Box Security Conference talk. Learn how to empower security teams, integrate security into product design, and implement effective tooling throughout the development process. Discover the importance of balancing security with product development, automating testing, and reducing attack surfaces. Gain insights into the various components of a security team, their interactions, and how relationships across organizations can provide an edge in product security. Understand the technical workings, tooling, and intricacies of finding and fixing bugs in a product-first world. Walk away with a comprehensive understanding of product security approaches, including risk management, security culture, automation, stack analysis, binary diffing, fuzzing, and attack surface reduction.

Syllabus

Intro
Managing Risk
Foundations
Roles
Product Security
Culture
Models
Security Bar
Security Inside
Security Outside
Perspective
Assumptions
It's Your Responsibility
Mindset
Developers
Integration
Devaluing
Insecurity
Being Effective
Less Bugs
Automation
Stack Analysis
Tools
Telemetry
Ban Dangerous Functions
Binary Diffing
Code Repos
Subscription for Code Changes
Glitching
Variant Finding
Product DNA
Open Source Tracker
Dynamic Analysis
Fuzzing Tests
Mutation Engine
Fuzzing Lab
Web UI
Auto Isolation
Attack Surface Reduction
Door Knocking
Hardening API
Mentoring
Opal Mine
Externally Reported Bugs
Recap


Taught by

Hack In The Box Security Conference
