Dmitry Desyatkov

Director of Information Security, Wrike

About speaker

* Director of Information Security at Wrike with solid experience of end-to-end application and information security processes

* 17 years in the IT industry, 10+ in Security

June 17
15:00 — 16:00
Frequently Product Security term is mixed with Application Security approach and processes, which certainly play key roles in security development process and the development of product functionality, but the Product Security is the combination of various security domains and areas including but not limited to Application, System, Infrastructure and Incident Response Management, as well as Product activities to develop and improve «security» features and the functionality of application itself. So the Product Security is something like the product quality measure that shows how a product or service is secure.

The presentation describes our experience of establishing product security from scratch with common mistakes made in security processes and successful strategies allowed us to make our product aligned with key enterprise security requirements and standards. Also we will discuss the key components of a successful product strategy that includes such aspects as setting security team up and communication with departments as engineering and product managers, and everything that finally helped us to formulate the basic principles of the Product Security Framework for secure product.
June 18
12:00 — 13:00
First Track
All those who analyze a web application code face the problem of search for vulnerabilities on the client side, in JavaScript to be exact. On the one hand, it is difficult to perform a static analysis of JavaScript, by its nature. On the other hand, there are not so many types of vulnerabilities there. However, a security team has to find them and it is better to do it automatically, rather than by using grep command.