Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nuclear powered software securty
Search
carnage
July 01, 2017
Technology
0
440
Nuclear powered software securty
carnage
July 01, 2017
Tweet
Share
More Decks by carnage
See All by carnage
Object re-orientation
carnage
2
510
Event Driven Development
carnage
0
570
More Secrets of Cryptography
carnage
0
420
Microservices vs The distributed monolith
carnage
1
2.4k
Passwords and how to handle them
carnage
0
400
A storm is brewing
carnage
0
98
The secrets of cryptography
carnage
0
190
The secrets of cryptography
carnage
0
180
You attended talk: An introduction to event sourcing (short)
carnage
0
660
Other Decks in Technology
See All in Technology
チーリンについて
hirotomotaguchi
3
880
最近のLinux普段づかいWaylandデスクトップ元年
penguin2716
1
660
5分で知るMicrosoft Ignite
taiponrock
PRO
0
220
Kubernetes Multi-tenancy: Principles and Practices for Large Scale Internal Platforms
hhiroshell
0
110
eBPFとwaruiBPF
sat
PRO
4
2.5k
SSO方式とJumpアカウント方式の比較と設計方針
yuobayashi
7
510
20251209_WAKECareer_生成AIを活用した設計・開発プロセス
syobochim
5
1.4k
Playwright x GitHub Actionsで実現する「レビューしやすい」E2Eテストレポート
kinosuke01
0
410
ML PM Talk #1 - ML PMの分類に関する考察
lycorptech_jp
PRO
1
730
モダンデータスタック (MDS) の話とデータ分析が起こすビジネス変革
sutotakeshi
0
430
AWS Bedrock AgentCoreで作る 1on1支援AIエージェント 〜Memory × Evaluationsによる実践開発〜
yusukeshimizu
6
370
生成AIでテスト設計はどこまでできる? 「テスト粒度」を操るテーラリング術
shota_kusaba
0
520
Featured
See All Featured
The Cult of Friendly URLs
andyhume
79
6.7k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.3k
Making the Leap to Tech Lead
cromwellryan
135
9.7k
Leading Effective Engineering Teams in the AI Era
addyosmani
8
1.3k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
3k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
1
93
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.3k
Context Engineering - Making Every Token Count
addyosmani
9
490
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.8k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
How to train your dragon (web standard)
notwaldorf
97
6.4k
Transcript
Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017
1
Introduction
Beware of lists 1
Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via
Wikimedia Commons 2
Nuclear bomb 1By United States Department of Energy [Public domain],
via Wikimedia Commons 3
Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],
via Wikimedia Commons 4
Fault Tree Analysis
Loss of cooling 5
Loss of power 6
Inhibit gate 7
E-Commerce 8
E-Commerce 9
How to use your diagram • Consider risk from each
item 10
How to use your diagram • Consider risk from each
item • Consider mitigations 10
How to use your diagram • Consider risk from each
item • Consider mitigations • Not all mitigations will be technical 10
Defence in Depth
A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],
via Wikimedia Commons 11
Everything is connected 11
Defense in depth 12
Database Access 13
Adding encryption 14
Zonal analysis
United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via
Wikimedia Commons 15
What can we learn from this? 15
Zonal analysis for security • Administrator passwords 16
Zonal analysis for security • Administrator passwords • Shared systems
16
Zonal analysis for security • Administrator passwords • Shared systems
• Operating system vulnerabilities 16
Assume everything is open to the internet. 16
Zonal analysis for data • Look for data hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots • Reduce data in hotspots 17
Failing safe
Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons
18
Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],
via Wikimedia Commons 19
Failing secure 19
What happens when something goes wrong? 19
Conclusion
Identify undesirable outcomes 19
Layer your defences 19
Look out for single points of failure 19
Handle failures securely 19
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20
carnage
hirotomotaguchi
penguin2716
taiponrock
hhiroshell
sat
yuobayashi
syobochim
kinosuke01
lycorptech_jp
sutotakeshi
yusukeshimizu
shota_kusaba
andyhume
sergeychernyshev
cromwellryan
addyosmani
maggiecrowley
tammyeverts
rmw
reverentgeek
kastner
notwaldorf
![Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_3.jpg){kind=link}
![Nuclear bomb 1By United States Department of Energy [Public domain],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_4.jpg){kind=link}
![Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_5.jpg){kind=link}
![A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_16.jpg){kind=link}
![United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_22.jpg){kind=link}
![Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_32.jpg){kind=link}
![Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_33.jpg){kind=link}
