Nuclear powered software security
carnage
July 01, 2017
Transcript
Nuclear Powered Software Security. Chris Riley, Dutch PHP Conference 2017
Introduction
• Beware of lists
• Nuclear safety (image: Avda, own work, CC BY-SA 3.0, via Wikimedia Commons)
• Nuclear bomb (image: United States Department of Energy, public domain, via Wikimedia Commons)
• Nuclear power plant (image: Emoscopes, GFDL, CC-BY-SA-3.0 or CC BY 2.5, via Wikimedia Commons)
Fault Tree Analysis
• Loss of cooling
• Loss of power
• Inhibit gate
• E-Commerce
• How to use your diagram
  - Consider risk from each item
  - Consider mitigations
  - Not all mitigations will be technical
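The "how to use your diagram" steps, carried through in code as an added example (this is not material from the talk): a small fault tree evaluator with AND, OR and inhibit gates, run over a constructed e-commerce tree. The top event, the basic events, their names and the mitigations are all assumptions made for this example. Minimal cut sets show which combinations of events are enough to reach the top event; the size-one cut sets are the single points of failure the conclusion warns about; and re-running with mitigated events marked impossible shows the residual risk. One of the two mitigations modelled (an administrator password policy) is organisational rather than technical, as the slide notes.

```python
"""Fault tree with AND, OR and INHIBIT gates, plus minimal cut sets.

Added example, not from the talk: the e-commerce tree below is constructed to
illustrate the technique and is not the diagram shown on the slides.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, List, Optional, Set, Tuple, Union


@dataclass(frozen=True)
class Event:
    """Basic event (a leaf of the tree): one thing that can go wrong."""
    name: str


@dataclass(frozen=True)
class Gate:
    """AND and OR combine their inputs; INHIBIT passes its input on only while
    the conditional event `condition` holds (e.g. "card numbers are stored")."""
    kind: str
    inputs: Tuple["Node", ...]
    condition: Optional["Node"] = None


Node = Union[Event, Gate]


def occurs(node: Node, failed: FrozenSet[str]) -> bool:
    """Does `node` happen, given the names of the basic events that have failed?"""
    if isinstance(node, Event):
        return node.name in failed
    inputs = [occurs(child, failed) for child in node.inputs]
    if node.kind == "AND":
        return all(inputs)
    if node.kind == "OR":
        return any(inputs)
    if node.kind == "INHIBIT":
        return all(inputs) and occurs(node.condition, failed)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def basic_events(node: Node) -> Set[str]:
    """All leaf event names under `node`, inhibit conditions included."""
    if isinstance(node, Event):
        return {node.name}
    names: Set[str] = set()
    for child in node.inputs:
        names |= basic_events(child)
    if node.condition is not None:
        names |= basic_events(node.condition)
    return names


def minimal_cut_sets(top: Node, mitigated: FrozenSet[str] = frozenset()) -> List[FrozenSet[str]]:
    """Smallest combinations of basic events whose failure alone triggers `top`.

    Events named in `mitigated` are treated as impossible (a mitigation has
    removed them), so the result is the residual risk after those mitigations.
    """
    names = sorted(basic_events(top) - mitigated)
    cuts: List[FrozenSet[str]] = []
    for size in range(1, len(names) + 1):          # smallest combinations first
        for combo in combinations(names, size):
            candidate = frozenset(combo)
            if any(cut <= candidate for cut in cuts):
                continue  # a smaller cut set already covers this combination
            if occurs(top, candidate):
                cuts.append(candidate)
    return cuts


def single_points_of_failure(top: Node, mitigated: FrozenSet[str] = frozenset()) -> List[str]:
    """Basic events that reach `top` on their own: the first items to mitigate."""
    return sorted(next(iter(cut)) for cut in minimal_cut_sets(top, mitigated) if len(cut) == 1)


# Constructed e-commerce scenario (an assumption for this example).
# Top event: customer card data is disclosed.
STORED_CARDS = Event("card numbers stored in database")
SQLI = Event("SQL injection flaw in product search")
BACKUP_STOLEN = Event("backup archive stolen")
BACKUP_PLAIN = Event("backups not encrypted")
ADMIN_REUSE = Event("admin password reused from a breached site")

CARD_DATA_DISCLOSED = Gate("OR", (
    ADMIN_REUSE,                                        # this one event is enough on its own
    Gate("INHIBIT", (SQLI,), condition=STORED_CARDS),   # injection only matters while cards are stored
    Gate("AND", (BACKUP_STOLEN, BACKUP_PLAIN)),         # needs both to happen
))

if __name__ == "__main__":
    print("single points of failure:", single_points_of_failure(CARD_DATA_DISCLOSED))
    for cut in minimal_cut_sets(CARD_DATA_DISCLOSED):
        print("cut set:", sorted(cut))
    # Mitigations: tokenise card numbers (technical) and an administrator
    # password policy (organisational). Only the backup branch remains.
    after = frozenset({STORED_CARDS.name, ADMIN_REUSE.name})
    for cut in minimal_cut_sets(CARD_DATA_DISCLOSED, mitigated=after):
        print("residual cut set:", sorted(cut))
```

The brute-force enumeration is fine for a tree with a handful of leaves, which is the size at which these diagrams are useful in a design review; the point is that each cut set is a concrete item to consider risk and mitigations for, and that marking an event as mitigated and re-running is how you check whether the mitigation actually removed the path to the top event.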
Defence in Depth
• A big firewall (image: Tukulti65, own work, CC BY-SA 4.0, via Wikimedia Commons)
• Everything is connected
• Defense in depth
• Database Access
• Adding encryption
Zonal analysis
• United Airlines Flight 232 (image: Steve Fitzgerald, GFDL 1.2, via Wikimedia Commons)
• What can we learn from this?
• Zonal analysis for security
  - Administrator passwords
  - Shared systems
  - Operating system vulnerabilities
• Assume everything is open to the internet.
• Zonal analysis for data
  - Look for data hotspots
  - Focus on hotspots
  - Reduce data in hotspots
Failing safe
• Chernobyl accident (image: Jason Minshull, public domain, via Wikimedia Commons)
• Passive safety (image: Picoterawatt, derivative work by OrbiterSpacethingy, translation by Cryptex, CC0, via Wikimedia Commons)
• Failing secure
• What happens when something goes wrong?
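The "failing secure" point as an added example (not code from the talk): an authorisation check written fail-open beside the same check written fail-secure, both against a constructed permission service. The user table, the `outage` flag and the `PermissionServiceDown` exception are assumptions made for this example. When the lookup itself fails, the fail-open version ends up granting every action for the duration of the outage; the fail-secure version denies and lets the site degrade instead.

```python
"""Fail-open versus fail-secure authorisation.

Added example, not from the talk. The permission service, its outage
exception and the user/permission table are constructed for illustration.
"""
import logging
from typing import Set

log = logging.getLogger("authz")


class PermissionServiceDown(Exception):
    """Constructed: the permission lookup could not be completed."""


# Constructed permission table standing in for a remote permission service.
_PERMISSIONS = {
    "alice": {"orders:read"},
    "bob": {"orders:read", "orders:refund"},
}


def lookup_permissions(user: str, outage: bool = False) -> Set[str]:
    """Stand-in for a remote call; `outage=True` simulates the service being down."""
    if outage:
        raise PermissionServiceDown("permission service unreachable")
    return set(_PERMISSIONS.get(user, set()))


def can_fail_open(user: str, action: str, outage: bool = False) -> bool:
    """The pattern to avoid: start from 'allowed' and look for a reason to deny.

    When the lookup raises, no denial is ever found, the error is only logged,
    and the default of True survives: every user gets every action while the
    service is down (fail-open).
    """
    allowed = True
    try:
        if action not in lookup_permissions(user, outage):
            allowed = False
    except PermissionServiceDown as exc:
        log.error("permission check failed for %s: %s", user, exc)
    return allowed


def can_fail_secure(user: str, action: str, outage: bool = False) -> bool:
    """Start from 'denied'; only a positive answer from the service grants access.

    A failure of the check itself is treated as a denial (fail-secure). The
    feature degrades during the outage, but nothing is granted that the
    system cannot prove it should grant.
    """
    try:
        permissions = lookup_permissions(user, outage)
    except PermissionServiceDown as exc:
        log.error("permission check failed for %s: %s", user, exc)
        return False
    return action in permissions


if __name__ == "__main__":
    for outage in (False, True):
        print(f"outage={outage}: fail-open says",
              can_fail_open("alice", "orders:refund", outage),
              "/ fail-secure says",
              can_fail_secure("alice", "orders:refund", outage))
```

The difference is only in what the code assumes before it has evidence. Reviewing an authorisation path, the question to ask of every `except`, timeout and "service unavailable" branch is which of the two defaults it falls back to.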
Conclusion
• Identify undesirable outcomes
• Layer your defences
• Look out for single points of failure
• Handle failures securely

Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308