CypherCon 2024

Modern vs. 0ld 5k00l

Seth Law

Abstract:

The development landscape has seen an increased adoption of security practices during the last few years. It has finally become standard practice to perform penetration testing, run threat modeling, teach developers about security, push left, and have zero trust. This shows why the industry is better off today than previously. Or does it? Come explore the real history of security and why everything old is new again. See a number of security failures that existed in years past and how they still exist in modern examples. Also explore the strategies that effectively catch these problems early in the development lifecycle without spending a fortune on security snake oil.

Importance: During my career I have experienced security strategies and vulnerabilities that return in a new form over and over again. Whatever someone thinks of, the ability to secure or exploit the system follows the same patterns and we can learn from the past.

Seth Law

Trusting Zero Left Pushing

Seth Law is the Founder and Principal Consultant of Redpoint Security. During the last 15 years, Seth has worked within multiple security disciplines, including application development, cloud architecture, and network protection, both as a manager and individual contributor. Seth has honed his security skills using offensive and defensive techniques, including tool development and security research. His understanding of the software development lifecycle and ability to equate security issues to development tasks has allowed him to speak at conferences ranging from Black Hat and DEF CON to local security meetups. In his spare time, Seth revels in deep-level analysis of programming languages and inherent flaws, develops the iOS version of HackerTracker, and co-hosts the Absolute AppSec podcast with Ken Johnson.