Locking down internal apps presents unique and frustrating challenges for appsec teams. Your organization may have dozens if not hundreds of sensitive internal tools, dashboards, and control panels, running on heterogenous technical stacks with varying levels of code quality, technical debt, external dependencies, and maintenance commitments. Hongyi discusses experiences in managing internal appsec, conveying the technical and management lessons Dropbox has learned in the process. He captures what worked well — finding a useful mental model to organize a road map and rolling out content security policy — and what didn’t.
- WATCH NOW
- VIEW 2023 EVENTS
- DIVIDER
- EXPLORE TOPICS
- MACHINE LEARNING AND AI
- Data, Systems, and Networking
- ANDROID, VIDEO, AND WEB
- DEV TOOLS AND OPS, PRIVACY, SUSTAINABILITY, AND PERFORMANCE
- Fighting Abuse and Security
- DIVIDER
- Annual @Scale Conference
- Blog
- Community Forum
- About @Scale