continuous security
Design / Threat Modeling

THREAT                   PROPERTY VIOLATED    REMEDIATION?
Spoofing                 Authentication
Tampering                Integrity
Repudiation              Non-Repudiation
Info Disclosure          Confidentiality
Denial of Service        Availability
Elevation of Privilege   Authorization
Threat Modeling - Designing for Security, 2014
Pull Request Reviews
- What sources & sinks were added
- What new dependencies were added
- What new technologies were added
- What new behaviors are introduced / changed
npm i nsp -g
cd your-fantastic-project
nsp check

(+) 1 vulnerability found
┌───────────────┬───────────────────────────────────────────────────────────────────────────┐
│               │ SQL Injection due to unescaped object keys                                │
├───────────────┼───────────────────────────────────────────────────────────────────────────┤
│ Name          │ mysql                                                                     │
├───────────────┼───────────────────────────────────────────────────────────────────────────┤
│ Installed     │ 2.0.0-alpha3                                                              │
├───────────────┼───────────────────────────────────────────────────────────────────────────┤
│ Vulnerable    │ <=v2.0.0-alpha7                                                           │
├───────────────┼───────────────────────────────────────────────────────────────────────────┤
│ Patched       │ >=v2.0.0-alpha8                                                           │
├───────────────┼───────────────────────────────────────────────────────────────────────────┤
│ Path          │ [email protected] > [email protected] > [email protected]                 │
├───────────────┼───────────────────────────────────────────────────────────────────────────┤
│ More Info     │ https://nodesecurity.io/advisories/66                                     │
└───────────────┴───────────────────────────────────────────────────────────────────────────┘
Tools.