
Designing Secure APIs with State Machines

Did you ever need to create an application whose behavior varies with its state, while still presenting a consistent interface to its callers? A good, layered design using state machines can help avoid the tedious 'if' checks for flags, and ensure that if your code runs at all, it will run with all the required values initialized. I will demonstrate this with examples, and talk about some available tools and libraries to build state machines in Python.

I will also discuss how to effectively use the process of threat modeling to build secure web applications. Threat modeling is a computer security technique that helps you better understand the systems you create, identify attacks, and build defenses. I will talk about things that we, as software developers, can do to assess the security of our applications in the real world through this process.

Ashwini Oruganti

May 20, 2017

Transcript

  1. Designing Secure APIs with State Machines Ashwini Oruganti PyCon 2017

  2. twitter.com/_ashfall_ Security Engineer, Docker < pyca/tls, Twisted >

  3. Problem Solution

  4. Forgot Password

  6. A single token belongs to a single user.

  8. Threat Modeling: "a computer security technique to help defenders understand their own systems and drive the process of building better defenses." - https://alexgaynor.net/2016/jul/29/intro-to-threat-modeling/

  9. Tokens should be generated via a cryptographically secure random number generator.

  11. Tokens should expire after use / a set period of time.

  13. State happens.

  14. Complexity -> Bugs

  15. (Computer) Science!

  19. Hard to: * Test * Read * Debug * Change

  20. State Machines!

  21. A state machine is a piece of software that accepts input and then (usually) generates a deterministic (probably) output.

  22. Settings, values, data == “state”

  26. Maintainable

  27. Automated Testing

  28. Enhanced Unit Testing: STATES = [HAVE_PASSWORD, TOKEN_CREATED], INPUTS = [REQUEST_RESET, ENTER_PASSWORD]; at least 4 cases to test.

  29. How do I state machine in Python?

  31. Automat https://github.com/glyph/automat

  32. "Automat is designed from the perspective of a deep and abiding sense of shame" - Glyph, Author

  34. Q. How do I get the current state of a state machine? A. You don't.

  39. If you are designing a system, threat modeling it as early as possible is ideal.

  40. Threat modeling forces you to look at all of your assets.

  41. Threat modeling forces you to identify how all of those assets are used.

  42. Threat modeling forces you to identify mutable state.

  43. To summarize: if you find yourself writing a lot of if-else checks, remember there's one or more explicit state machines to explore.

  44. https://clusterhq.com/2013/12/05/what-is-a-state-machine/ https://github.com/glyph/automat https://gist.github.com/markrwilliams/9caf35e2dc2dfa07f4f64af6a77ec170

  45. Thank You! twitter.com/_ashfall_ State Machines Open Space: 5pm @ b114