How to Implement New Security Features and Fix Broken Stuff with Feature Flags and A/B Tests

SOURCE Boston 2014

Presented by: Kenneth Lee
Date: Tuesday April 08, 2014
Time: 13:00 - 13:45
Location: Washington

Defenders always run into a wall when it comes to rolling out security features or fixes that have the potential to break everything--but feature flags can change that. Feature flags are a powerful ramp-up methodology that allows developers (or security folks) to enable or disable site functionality. We'll dive into ways to ramp up new security functionality and fix complex bugs using feature flags, with specific examples from Etsy's bug bounty. We'll also touch upon the topic of A/B testing, and explore a real-world security feature development scenario involving A/B testing to add full-site SSL to a website.

Kenneth Lee

Kenneth is a senior product security engineer at Etsy.com, working on everything from managing the bug bounty program to shattering the site with new vulnerabilities. Previously, Kenneth worked at FactSet Research Systems preventing The Hackers from stealing financial data. He went to Columbia and got an MS in computer science focusing on computer security. Between sweet hacks, Kenneth enjoys drinking tea and force-feeding Etsy's operations team with Japanese chocolates.

