Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nuclear powered software securty

Avatar for carnage carnage
July 01, 2017
Technology
0
430

Nuclear powered software securty

Avatar for carnage

carnage

July 01, 2017
Tweet

More Decks by carnage

See All by carnage
Object re-orientation
Avatar for carnage carnage
2
500
Event Driven Development
Avatar for carnage carnage
0
540
More Secrets of Cryptography
Avatar for carnage carnage
0
400
Microservices vs The distributed monolith
Avatar for carnage carnage
1
2.3k
Passwords and how to handle them
Avatar for carnage carnage
0
390
A storm is brewing
Avatar for carnage carnage
0
97
The secrets of cryptography
Avatar for carnage carnage
0
180
The secrets of cryptography
Avatar for carnage carnage
0
170
You attended talk: An introduction to event sourcing (short)
Avatar for carnage carnage
0
650

Other Decks in Technology

See All in Technology
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
11
77k
SREとソフトウェア開発者の合同チームはどのようにS3のコストを削減したか?
Avatar for Masahiro Yoshizawa muziyoshiz
1
100
Trust as Infrastructure
Avatar for Bryan Cantrill bcantrill
0
310
「Verify with Wallet API」を アプリに導入するために
Avatar for hinakko hinakko
1
230
Azure SynapseからAzure Databricksへ 移行してわかった新時代のコスト問題!?
Avatar for Databricks Japan databricksjapan
0
130
Azure Well-Architected Framework入門
Avatar for tomokusaba tomokusaba
0
280
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
Avatar for ZOZO Developers zozotech
PRO
0
160
Goにおける 生成AIによるコード生成の ベンチマーク評価入門
Avatar for どすこい daisuketakeda
2
100
空間を設計する力を考える / 20251004 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
3
330
SwiftUIのGeometryReaderとScrollViewを基礎から応用まで学び直す:設計と活用事例
Avatar for Fumiya Sakai fumiyasac0921
0
130
定期的な価値提供だけじゃない、スクラムが導くチームの共創化 / 20251004 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
3
300
英語は話せません!それでも海外チームと信頼関係を作るため、対話を重ねた2ヶ月間のまなび
Avatar for ニイオカ niioka_97
0
100

Featured

See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
30
2.9k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
127
53k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
45
7.7k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
23
1.5k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
232
18k
How GitHub (no longer) Works
Avatar for Zach Holman holman
315
140k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
64
7.9k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
79
6k
Scaling GitHub
Avatar for Zach Holman holman
463
140k

Transcript

  1. Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017

    1

  2. Introduction

  3. Beware of lists 1

  4. Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via

    Wikimedia Commons 2

  5. Nuclear bomb 1By United States Department of Energy [Public domain],

    via Wikimedia Commons 3

  6. Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],

    via Wikimedia Commons 4

  7. Fault Tree Analysis

  8. Loss of cooling 5

  9. Loss of power 6

  10. Inhibit gate 7

  11. E-Commerce 8

  12. E-Commerce 9

  13. How to use your diagram • Consider risk from each

    item 10

  14. How to use your diagram • Consider risk from each

    item • Consider mitigations 10

  15. How to use your diagram • Consider risk from each

    item • Consider mitigations • Not all mitigations will be technical 10

  16. Defence in Depth

  17. A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],

    via Wikimedia Commons 11

  18. Everything is connected 11

  19. Defense in depth 12

  20. Database Access 13

  21. Adding encryption 14

  22. Zonal analysis

  23. United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via

    Wikimedia Commons 15

  24. What can we learn from this? 15

  25. Zonal analysis for security • Administrator passwords 16

  26. Zonal analysis for security • Administrator passwords • Shared systems

    16

  27. Zonal analysis for security • Administrator passwords • Shared systems

    • Operating system vulnerabilities 16

  28. Assume everything is open to the internet. 16

  29. Zonal analysis for data • Look for data hotspots 17

  30. Zonal analysis for data • Look for data hotspots •

    Focus on hotspots 17

  31. Zonal analysis for data • Look for data hotspots •

    Focus on hotspots • Reduce data in hotspots 17

  32. Failing safe

  33. Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons

    18

  34. Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],

    via Wikimedia Commons 19

  35. Failing secure 19

  36. What happens when something goes wrong? 19

  37. Conclusion

  38. Identify undesirable outcomes 19

  39. Layer your defences 19

  40. Look out for single points of failure 19

  41. Handle failures securely 19

  42. Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20