Product Security Trends 2020 Online Conference Video Recordings

Hello, Habr! We at Wrike TechClub decided to host several online information security meetings. The first of them was held last Tuesday and aroused great interest in the community. We received many applications for reports and almost 500 registered. I had to expand the usual mitap format to a mini-conference of 6 reports. All materials are happy to share with you.

Moreover, the interest in the meeting turned out to be so great that we decided not to stop and quickly organize another meeting - this time for the security of cloud solutions. It will be held May 26, also online. Free registration.

In the meantime, you can see what happened on April 21st and discuss the reports in the comments.

We talked about new trends, approaches, tools and challenges that arise in front of information security departments today. Storing data in the clouds, working with third-party vendors and solutions, automating security review in the context of continuous development and release process, and much more ...



Dmitry Desyatkov, Wrike - Do not trust anyone!

It is very difficult to imagine a product that would do without third-party libraries, vendors or integrations. They save development time, give more opportunities and make the product more competitive. But you have to pay for everything. The safety of the weakest part of the product determines the safety of the entire product. Let's discuss the types of third party components and what can be done to minimize the risks of working with them.


Grigory Streltsov, Wrike - Automation of safe development

Large enterprise products are faced with the need to automate the daily routine, including in matters of information security. Together with other departments of the company, we came up with an automation process based on a number of open source solutions and Burp Suite. Burp Suite is a popular vulnerability assessment tool. I will tell you how to integrate it into the existing development cycle, show what difficulties you may encounter, and also discuss all the advantages and disadvantages of a configured system.


Sergey Belov, Mail.ru - We release safe features v2

This report will continue a series of questions and answers in modern AppSec. We will try to disassemble the complex cases of modern design and come up with optimal and safe solutions for them.


Oleg Maslennikov, CIAN - Securing Microservice Architecture in Kubernetes

Active development of DevOps ideas and microservice architecture has led to the popularization of containerization in mass volumes, when the product is represented by hundreds of microservices. This situation made it necessary to somehow manage the work and layout of all these microservices. The most popular solution to this problem is Kubernetes. In addition to solving operational problems, it also allows you to deal with some common problems in the field of information security inherent in microservice applications. But the functionality provided by Kubernetes often has unobvious or clearly undeclared pitfalls. I’ll tell you how Kubernetes works inside, how it differs from a simple Docker, and what security features it has in various configurations.


Alexandra Svatikova, Odnoklassniki - User account security - a look from inside the online service

Where do the hacked accounts come from and why the absence of vulnerabilities does not guarantee the complete safety of users of the social network? Why, with all its simplicity and clarity, is predential stuffing the most common way to attack online services? I will share our observations of such attacks over the past few years and the experience of implementing measures to counter them, as well as talk about the problems that we encountered along the way.


Yulia Omelyanenko, Wrike - COVID-19: don't let the virus get into your network from the air

Food safety is not limited to the food environment, the human factor remains its main engine. The current situation in the world has given impetus to the development of telecommuting. But the attackers are on the alert and come up with new attack vectors, keeping pace with the times. We’ll talk about approaches to meeting corporate security requirements and how they can help you.


- Registration for Cloud Security meetup May 26
- All Wrike TechClub Meetups