2854 - 作为开发人员安全与否我为什么要关心？.pdf

1、SECURITY AS A DEVELOPER,WHY SHOULD I CARE?MARINA SCHWENKSESSION 2854ABOUT ME Senior Programmer Analyst/IBM i admin at Innovative Software Solutions Consulting Member of the CAAC.(COMMON Americas Advisory Counsel)2019 IBM fresh face President of WMCPA COMMON Board Member IBM Champion for Power COMMON

2、s New to IBM I(N2i)committee member and board liaison.SECURITY TODAYEvery single day you hear about this company or that company got hit with ransomware world wide.Ransomware is not the only threat to developers today.Security is front focus on every IT Executives mind You!As a developer should have

3、 security on the forefront of your mind.WHY?Potential bugs that are integrated in your code could be the reason why your applications can and will break.You want to integrate open source code,are you sure that its safe?What about your credentials?What about the access to your programs?WHY?Software t

4、eams need to follow security best practices to eliminate the leak of secrets,as threat actors increase their scanning for configuration and repository files!Cybercriminals and sophisticated threat actors have stepped up their search for development files inadvertently pushed to application servers,h

5、oping to gain access to the passwords and source code of deployed applications.WHY?A leaked development secret can have widespread and potentially dire impact,says Jennifer Schelkopf,director of product management at GitHub.When secrets like API keys,tokens,or credentials are exposed in code,attacke

6、rs dont just gain access to the specific resources those secrets unlock they often use that initial access as a foothold to move laterally through connected systems,potentially compromising entire organizations,she says.GIVE ME REASONS WHY!Protects Sensitive DataYou as a developer have access to the