SecAppDev 2020 Lecture Details

Intro to trust & safety - Identifying abuse vectors

Lexi Galantino
Tuesday March 10, 14:00 - 15:30

Short description

Trust & safety is all about how bad actors can exploit application design vulnerabilities to abuse other users. Here, you’ll learn how to identify these vulnerabilities so that you can prevent or close them in your applications.

Abstract

The field of secure application development tends to focus on how bad actors can exploit code vulnerabilities to abuse the application. In contrast, the field of trust & safety focuses on how bad actors can exploit application design vulnerabilities to abuse other users.

In this session, we’ll tour common types of these trust & safety vulnerabilities, called abuse vectors, and construct guiding principles for identifying them. Then, we’ll look at several example applications and practice spotting these problems.

Key takeaway

Attendees will learn how to identify trust & safety application vulnerabilities so that they can prevent or close them in their applications.

Content level

Introductory

Target audience

This session is intended for anyone who designs, builds, or secures software for users.

Prerequisites

Familiarity with one or more social sites, such as GitHub, Twitter, or Slack, is helpful. Awareness of the problem of online harassment is a plus.


Lexi Galantino

Software Engineer, Community & Safety team, GitHub

Lexi is a software engineer on GitHub's Community & Safety team, where she builds features to ensure user privacy, trust, and safety on GitHub.com. In addition, she enjoys speaking and teaching about online Trust & Safety, the design and implementation principles that enable positive and trustful interactions between strangers on the internet. Aside from her work, she also enjoys traveling and spending time with dogs.


Related privacy, safety & ethics sessions

Trust & safety II - Best practices & current topics

Lecture by Lexi Galantino

Following “Intro to trust & safety”, this session will concern more advanced trust & safety design problems. We’ll also look at the current edge of research and recent product experiments and discuss their implications.

Privacy, safety & ethics, Thursday March 12, 09:00 - 10:30