Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nuclear powered software securty
Search
carnage
July 01, 2017
Technology
0
350
Nuclear powered software securty
carnage
July 01, 2017
Tweet
Share
More Decks by carnage
See All by carnage
Object re-orientation
carnage
2
420
Event Driven Development
carnage
0
510
More Secrets of Cryptography
carnage
0
340
Microservices vs The distributed monolith
carnage
1
2k
Passwords and how to handle them
carnage
0
280
A storm is brewing
carnage
0
80
The secrets of cryptography
carnage
0
130
The secrets of cryptography
carnage
0
130
You attended talk: An introduction to event sourcing (short)
carnage
0
530
Other Decks in Technology
See All in Technology
楽しくGoを学び合う、LayerXの勉強会文化 / LayerX's study culture of having fun and learning Go together
ar_tama
2
350
Flutter研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
160
ペパボのオブザーバビリティ研修2024 説明資料
kesompochy
0
1.1k
エンジニアの生存戦略 〜クラウド潮流の経験から紐解く技術トレンドのメカニズムと乗りこなし方〜
shimy
9
1.9k
開発と事業を繋ぐ!SREのオブザーバビリティ戦略 ~ Developers Summit 2024 Summer ~
leveragestech
0
630
可視化プラットフォームGrafanaの基本と活用方法の全て
hamadakoji
0
230
What if...? 처음부터 다시 LLM 어플리케이션을 개발한다면
huffon
0
1k
[NIKKEI Tech Talk]Bias for Action!! 実践から学ぶための仕組とコミュニティ / Community for Practice and Learning
kanamasa
0
270
AOAI Dev Day LLMシステム開発 Tips集
hirosatogamo
15
3.7k
Classmethod流のPlatform Engineering / classmethod-platform-engineering-devio2024
tomoki10
0
470
エンジニア向け会社紹介資料
caddi_eng
14
220k
AI研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
130
Featured
See All Featured
ReactJS: Keep Simple. Everything can be a component!
pedronauck
662
120k
No one is an island. Learnings from fostering a developers community.
thoeni
17
2.8k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Building a Modern Day E-commerce SEO Strategy
aleyda
25
6.7k
10 Git Anti Patterns You Should be Aware of
lemiorhan
652
58k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
277
13k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
189
16k
Fantastic passwords and where to find them - at NoRuKo
philnash
42
2.7k
GraphQLの誤解/rethinking-graphql
sonatard
59
9.6k
Imperfection Machines: The Place of Print at Facebook
scottboms
262
13k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
35
6.3k
What the flash - Photography Introduction
edds
65
11k
Transcript
Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017
1
Introduction
Beware of lists 1
Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via
Wikimedia Commons 2
Nuclear bomb 1By United States Department of Energy [Public domain],
via Wikimedia Commons 3
Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],
via Wikimedia Commons 4
Fault Tree Analysis
Loss of cooling 5
Loss of power 6
Inhibit gate 7
E-Commerce 8
E-Commerce 9
How to use your diagram • Consider risk from each
item 10
How to use your diagram • Consider risk from each
item • Consider mitigations 10
How to use your diagram • Consider risk from each
item • Consider mitigations • Not all mitigations will be technical 10
Defence in Depth
A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],
via Wikimedia Commons 11
Everything is connected 11
Defense in depth 12
Database Access 13
Adding encryption 14
Zonal analysis
United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via
Wikimedia Commons 15
What can we learn from this? 15
Zonal analysis for security • Administrator passwords 16
Zonal analysis for security • Administrator passwords • Shared systems
16
Zonal analysis for security • Administrator passwords • Shared systems
• Operating system vulnerabilities 16
Assume everything is open to the internet. 16
Zonal analysis for data • Look for data hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots • Reduce data in hotspots 17
Failing safe
Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons
18
Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],
via Wikimedia Commons 19
Failing secure 19
What happens when something goes wrong? 19
Conclusion
Identify undesirable outcomes 19
Layer your defences 19
Look out for single points of failure 19
Handle failures securely 19
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20