It's Coming From Inside the House: An Inside-Out Approach to NodeJS Application Security - Yolonda Smith (Circle City Con 2019 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Yolonda Smith

@ysmithND
Circle City Con 2019

Getting application security right often requires that developers have a deeper than average understanding of the security domain. In what other industry is this the case? We don't have to be M.D.s to get a medical diagnosis; we don't have to be auto mechanics to get our cars fixed, yet we in security wag our fingers at "iD10t errors" and build grand mousetraps to catch "so obvious" developer missteps, when they may not know what they need to add, change or remove from their applications to make them "secure" in the first place. Furthermore, patterns to address these issues don't always fit the requirements of the application, short or long term, resulting in solutions that only address part of the problem, or worse, are omitted altogether because they are too cumbersome to implement. My answer to this is _spartan, a node application created for developers of node.js applications, not security people. _spartan allows developers to create security policies which address their node app's specific requirements (whether it be Desktop, Web, Mobile, IoT or API); it installs and configures the modules to match the policy; and it generates the boilerplate code that developers can import directly into their applications.

Yolonda Smith is a Lead Infosec Analyst with Target Corporation's Business Information Security Office (BISO), aligned with the Digital portfolio. In this role, she provides expert security consultancy to developers, business leaders and key stakeholders to ensure that Target's web and mobile applications are designed, developed and deployed with minimal risk to Target or its guests. A security professional herself, she spent 8 years in the United States Air Force as a Cyberspace Operations Officer with duties and responsibilities varying from Mission Commander (Advanced Network Operations), where her team planned and executed the first DoD Cyber Threat Hunting Missions, to Flight Commander (Cyber Defense Capabilities Development), where her team developed and fielded the first and only malware neutralization tool for the Predator Drone Weapon System. Additionally, she successfully completed multiple deployments in support of Operations Iraqi Freedom and Enduring Freedom, where her teams delivered secure, reliable communications capabilities to forward-deployed units on demand. Yolonda holds a litany of degrees and certifications including a Bachelor of Science, Computer Science (University of Notre Dame, 2005), Master of Science, Information Technology, with a concentration in Information Assurance (University of Maryland, 2010) as well as GSEC (2008), GCIH (2011), and CISSP (2008) certifications. In her downtime she enjoys traveling (up next: Bogota, Colombia) and home brewing (up next: a peach sour ale).

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast