Defending Against Account Takeovers: Developers' Best Practices

Recorded on March 26, 2018


One of the most critical aspects of applications and APIs is the code that deals with users' accounts. In DevOps environments, adding instrumentation is key, and security instrumentation is no exception. Many attack types can be easily stopped with specific tools and environment configurations, but Account Takeover attacks don't follow conventional attack patterns: they look, act, and feel like legitimate users.

In this webinar, Kevin Hanaford, Head of Information Security at Remitly, will share how DevOps teams are taking a new approach to defending against account takeover attacks, including:

  • How Account Takeover attacks became the problem they are today
  • How Remitly defends against these attacks without impacting legitimate traffic
  • Steps you can take today to secure your applications from ATO attacks




About the Presenters

Kevin Hanaford

Head of Information Security, Infrastructure, and IT, Remitly

Kevin is the Head of Information Security, Infrastructure, and IT at Remitly and leads the teams responsible for Remitly's security posture, cloud environment, development and deployment tools, and is a regular fixture at the coffee machines. Prior to arriving at Remitly, Kevin spent time running security programs for Amazon and PayPal, and managing NOCs for Bungie, Xbox, and Office 365. He takes a customer-centric view on the work he oversees and truly believes that you can increase your security posture without adding friction or sacrificing convenience if you try hard enough... it just may feel a bit like hunting for unicorns in the process.

James Wickett

Signal Sciences

James spends a lot of time at the intersection of the DevOps and Security communities. He works as Head of Research at Signal Sciences and is a supporter of the Rugged Software and Rugged DevOps movements. Seeing the gap in software testing, James founded an open source project, Gauntlt, to serve as a Rugged Testing Framework. He is the author of several security and DevOps courses on Lynda.com and LinkedIn Learning, including: DevOps Fundamentals, Infrastructure Automation, Security Testing, Continuous Delivery, and Site Reliability Engineering.

James is the creator and founder of the Lonestar Application Security Conference, which is the largest annual security conference in Austin, TX. He also runs DevOps Days Austin and previously served on the global DevOps Days board. He holds several security certifications, including CISSP and GWAPT.
