Hairy Security: this was the talk Romain and I gave at Code Motion Berlin 2015.

For an hour we discussed many of the challenges developers face when securing web apps (a simple Java Spring Boot app in our use case).

The key takeaways:

  • Security is your responsibility

  • Think about it: threat model

  • You’ll never be safe

  • nor your data

  • Encrypt!

  • Manage your secrets

  • Switch 2FA/strong authentication on

  • UX is not an excuse for a lack of security

  • Security is not an excuse for a bad UX

  • Don’t forget continuous integration

  • Treat your servers like cattle

  • Be ready to firefight

You’ll find