Scaling Security at Atlassian - Ashley Blackmore

Nov 30, 2014

With any QA or security team, it's important to utilize your resources as much as you can since testing every piece of a large codebase is a huge task. Join Ashley's session to discover how Atlassian uses automation to focus on our team's specific threat models, and do more with less.
Transcript
Page 1: Scaling Security at Atlassian - Ashley Blackmore

#atlassian

Page 2: Scaling Security at Atlassian - Ashley Blackmore

ASHLEY BLACKMORE • SECURITY ENGINEER • ATLASSIAN • @BlackmoreAshley

Application Security at Atlassian

Secure Code Across Massive Teams

Page 3: Scaling Security at Atlassian - Ashley Blackmore

About Me

• Studied Electrical Engineering

• Interests: database algorithms, data analysis

• Engineer, on Atlassian AppSec Team for ~18 months

Page 4: Scaling Security at Atlassian - Ashley Blackmore

About This Talk

•  Being a Friendly Neighbourhood Security Engineer

•  Many Robots: Herding Automatons and Mechanical Turks

Page 5: Scaling Security at Atlassian - Ashley Blackmore

Being a Friendly Neighbourhood Security Engineer

Page 6: Scaling Security at Atlassian - Ashley Blackmore

BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER

Wargames, Pwnys and Pavlovian Conditioning

Page 7: Scaling Security at Atlassian - Ashley Blackmore

...great code is also secure code

Page 8: Scaling Security at Atlassian - Ashley Blackmore

BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER

Wargames, Pwnys and Pavlovian Conditioning

Page 9: Scaling Security at Atlassian - Ashley Blackmore

BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER

Wargames, Pwnys and Pavlovian Conditioning

Page 10: Scaling Security at Atlassian - Ashley Blackmore

BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER

Security in The Atlassian Dev Pipeline

Page 11: Scaling Security at Atlassian - Ashley Blackmore

BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER

Security in The Atlassian Dev Pipeline

Page 12: Scaling Security at Atlassian - Ashley Blackmore

Many Robots: Herding Automatons and Mechanical Turks

Page 13: Scaling Security at Atlassian - Ashley Blackmore

HERDING MANY ROBOTS

Bespoke Automation: The Balance of Commercial and Custom Tooling

Page 14: Scaling Security at Atlassian - Ashley Blackmore

HERDING MANY ROBOTS

Drinketh not of the firehose

Page 15: Scaling Security at Atlassian - Ashley Blackmore

...don't just build ways to keep yourself busy

Page 16: Scaling Security at Atlassian - Ashley Blackmore

"No security alerts shown to developers should ever be false positives."

Page 17: Scaling Security at Atlassian - Ashley Blackmore

Inline Education

HERDING MANY ROBOTS

Page 18: Scaling Security at Atlassian - Ashley Blackmore

Developer-Security Feedback Loop

HERDING MANY ROBOTS

Page 19: Scaling Security at Atlassian - Ashley Blackmore

The Future of Atlassian Security Automation: Lighthouse

Page 20: Scaling Security at Atlassian - Ashley Blackmore

Lighthouse: Plan Creation

BUILD YOUR OWN AUTOMATION!

Page 21: Scaling Security at Atlassian - Ashley Blackmore

Lighthouse: Results

BUILD YOUR OWN AUTOMATION!

Page 22: Scaling Security at Atlassian - Ashley Blackmore

Key takeaways: #atlassian

• Make sure your Engineers know that great code is also secure code

• Reward your Engineers for being great

• Use automation, but always keep the SNR high

Page 23: Scaling Security at Atlassian - Ashley Blackmore

Thank you!

ASHLEY BLACKMORE • SECURITY ENGINEER • ATLASSIAN • @BlackmoreAshley