Відео

Does anyone implemented this with new ssh key ed25519

Hey! I saw a conference talk once about Netflix's original rollout of semgrep for AppSec, but I can't seem to find it now. :( Does anyone at Netflix have a copy or link?

Would be great if there's a quick link in the description or video chapters to get to content of interest. For i.e, I wanted to specifically get to Dan and Dave's content from the start of the video.

I love this talk. One of the issues I have with validity windows in AWS is that web browser sessions will just force re-authentication after a short window like 10-30 mins, and then you have to just start over again. I'm yet to solve that neatly.

A WAF is not overrated, so he's wrong. A WAF with exploit-specific detection is 100% necessary to BLOCK what is KNOWN in the wild. Secondly, the # of secure coding bugs continues to increase over the past 20 years, therefore the NEED for WAF is increasing since secure code bugs increases. The gentleman has no idea what he's talking about -- I'm tired of quasi-experienced ITSec folks forming opinions publicly to the masses without being checked for integrity, common sense, logic, knowledge, experience, and reality. IF secure coding was getting better (and NOT EXPANDING exponentially) then you can make the claim that a WAF is overrated or unnecessary. Also, for production code, fixing secure coding bugs is exponentially more expensive $$$$ than deploying a signature-OWASP-based WAF. An open source WAF which costs almost nothing is exponentially more valuable than secure coding. Web App developers are lucky and used to having a WAF protecting them. Hiding a vulnerability being a negative WAF attribute is just a silly statement... barilla.ink or menschrisk.com

They did a good job presenting what most people don't readily grasp.

This sounds like some high school academic project with almost no value add to Netflix.

Awesome storytelling and info sharing. In future, I'd definitely request for Netflix slide deck to have more color contrast so the slides are easy to read for everyone (grey can be hard to see against dark grey background)

Thank you for sharing the information. This is extremely helpful.

please provide a link to the slides

02:00 - Building an Animation Studio 13:10 - Tackling Scale at Netflix with an Embedded Security Model 27:10 - Securing the Netflix Connected Studio 42:00 - Questions

how to securely collect the security config of a device? do you install an agent on their device? how do you prevent attacker from spoofing those traffic, can the user send green traffic even their device is not compliant?

nice work!

I called the first number that google gave for your help line.. turned out to be bogus number wanting me to pay 200 dollars to get rid of hackers.. leading me to believe my netflix had been hacked! I hung up feeling it was a scam, please look into this

Excellent Presentation, absolutely copy-book.