Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nuclear powered software securty
Search
carnage
July 01, 2017
Technology
470
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Nuclear powered software securty
carnage
July 01, 2017
More Decks by carnage
See All by carnage
Object re-orientation
carnage
2
550
Event Driven Development
carnage
0
610
More Secrets of Cryptography
carnage
0
450
Microservices vs The distributed monolith
carnage
1
2.4k
Passwords and how to handle them
carnage
0
440
A storm is brewing
carnage
0
110
The secrets of cryptography
carnage
0
210
The secrets of cryptography
carnage
0
210
You attended talk: An introduction to event sourcing (short)
carnage
0
710
Other Decks in Technology
See All in Technology
打造你的 AI 工作流:Agent Skill + MCP 實戰工作坊
appleboy
0
340
AWS Summit 2026で見えたSIerにとっての Amazon Quickの位置づけ
maf_0521
0
150
Kotlin 開発のツラミを爆破した話! / Explode the difficulty of Kotlin dev!
eller86
0
130
Hatena Engineer Seminar 37 jj1uzh
jj1uzh
0
400
Foundry Toolkit + Lemonade Serverでローカルワークフロー開発
seosoft
0
120
徹底討論!ECS vs EKS!
daitak
3
1.8k
『AIに負けない』より『AIと遊ぶ』」〜ワクワクが最強のテスト・QA学習戦略_公開用
odan611
1
330
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
210
RAGの精度向上とエージェント活用
kintotechdev
2
110
トークン最適化のためのユーザーストーリー分析 / User Story Analysis for Token Optimization
oomatomo
0
160
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
230
きのこカンファレンス2026_肩書きを外したとき私は誰か
yamasatimi
1
120
Featured
See All Featured
The Cost Of JavaScript in 2023
addyosmani
55
10k
Between Models and Reality
mayunak
4
360
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
auna
0
180
Crafting Experiences
bethany
1
200
Faster Mobile Websites
deanohume
310
32k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
10k
Navigating Team Friction
lara
192
16k
Paper Plane (Part 1)
katiecoart
PRO
0
9.4k
Git: the NoSQL Database
bkeepers
PRO
432
67k
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
330
Transcript
Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017
1
Introduction
Beware of lists 1
Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via
Wikimedia Commons 2
Nuclear bomb 1By United States Department of Energy [Public domain],
via Wikimedia Commons 3
Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],
via Wikimedia Commons 4
Fault Tree Analysis
Loss of cooling 5
Loss of power 6
Inhibit gate 7
E-Commerce 8
E-Commerce 9
How to use your diagram • Consider risk from each
item 10
How to use your diagram • Consider risk from each
item • Consider mitigations 10
How to use your diagram • Consider risk from each
item • Consider mitigations • Not all mitigations will be technical 10
Defence in Depth
A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],
via Wikimedia Commons 11
Everything is connected 11
Defense in depth 12
Database Access 13
Adding encryption 14
Zonal analysis
United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via
Wikimedia Commons 15
What can we learn from this? 15
Zonal analysis for security • Administrator passwords 16
Zonal analysis for security • Administrator passwords • Shared systems
16
Zonal analysis for security • Administrator passwords • Shared systems
• Operating system vulnerabilities 16
Assume everything is open to the internet. 16
Zonal analysis for data • Look for data hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots • Reduce data in hotspots 17
Failing safe
Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons
18
Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],
via Wikimedia Commons 19
Failing secure 19
What happens when something goes wrong? 19
Conclusion
Identify undesirable outcomes 19
Layer your defences 19
Look out for single points of failure 19
Handle failures securely 19
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20