Solving for Somebody Else's Problem: Hacking Devs for Better Security

BSidesLV 2018

Presented by: Sarah Gibson
Date: Wednesday August 08, 2018
Time: 17:00 - 17:55
Location: Common Ground

Getting developers to take security findings seriously can feel like an uphill battle. Security can be seen as an outside function that is separate from engineering, and somebody else’s problem. Reported findings are frequently dismissed or ignored. Using the framework of social engineering, we’ll discuss techniques and strategies for bringing developers to the conclusion that they should fix their security bugs. From pretexts to recon, to recognizing people as emotional state machines, the tools of social engineering are usually used as part of the testing phase in security. In this talk we’ll cover how to bring developers over to your side and understand why security findings matter to them.
