Nuclear powered software security
carnage
July 01, 2017
Technology
Transcript
Nuclear Powered Software Security
Chris Riley
Dutch PHP Conference 2017
Introduction
Beware of lists
Nuclear safety
Image: By Avda (Own work) [CC BY-SA 3.0], via Wikimedia Commons
Nuclear bomb
Image: By United States Department of Energy [Public domain], via Wikimedia Commons
Nuclear power plant
Image: Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5], via Wikimedia Commons
Fault Tree Analysis
Loss of cooling
Loss of power
Inhibit gate
E-Commerce
How to use your diagram
• Consider risk from each item
• Consider mitigations
• Not all mitigations will be technical
Defence in Depth
A big firewall
Image: By Tukulti65 (Own work) [CC BY-SA 4.0], via Wikimedia Commons
Everything is connected
Defense in depth
Database Access
Adding encryption
Zonal analysis
United Airlines Flight 232
Image: By Steve Fitzgerald [GFDL 1.2], via Wikimedia Commons
What can we learn from this?
Zonal analysis for security
• Administrator passwords
• Shared systems
• Operating system vulnerabilities
Assume everything is open to the internet.
Zonal analysis for data
• Look for data hotspots
• Focus on hotspots
• Reduce data in hotspots
Failing safe
Chernobyl accident
Image: By Jason Minshull [Public domain], via Wikimedia Commons
Passive safety
Image: By Picoterawatt, derivative work: OrbiterSpacethingy, translation: Cryptex [CC0], via Wikimedia Commons
Failing secure
What happens when something goes wrong?
Conclusion
Identify undesirable outcomes
Layer your defences
Look out for single points of failure
Handle failures securely
Thanks
• @giveupalready
• https://github.com/carnage
• https://carnage.github.io
• https://joind.in/talk/92308