Security Training & Awareness at Tinkoff

Friends, before you is the transcript of Elena Klochkova's report from the Avito meetup on security.



image



Hello! My name is Elena Klochkova, I work in the Application Security team.



, , , . : , , . .



, . - : , SDLC. , . SAST DAST, , Bug Bounty.





. :



  • .
  • - .

    , AppSec. secured-by-design .




, .



image



:



image



.



image



iOS, Android . . — , . — , , . , .



. . , .



OWASP, . — «» «».



350 .





: , , .



best practices - (ASWS MASWS). -.



Security Champions



— Security Champions ( , ). « » , .



20 . , . , , .



Security Champions :



  • .
  • SSDL .
  • .
  • .

    . «», , , .


Bug Bounty



. , , : «», «» «», . 15% 18 .



, « » . 5% .





. , — « ». , , , .

image



.





. , , . -, .




All Articles