Nuclear powered software security
carnage
July 01, 2017
Transcript
Nuclear Powered Software Security. Chris Riley, Dutch PHP Conference 2017

Introduction
Beware of lists
Nuclear safety (image: Avda, own work, CC BY-SA 3.0, via Wikimedia Commons)
Nuclear bomb (image: United States Department of Energy, public domain, via Wikimedia Commons)
Nuclear power plant (image: Emoscopes, GFDL / CC BY-SA 3.0 / CC BY 2.5, via Wikimedia Commons)

Fault Tree Analysis
Loss of cooling
Loss of power
Inhibit gate
E-Commerce
How to use your diagram
• Consider risk from each item
• Consider mitigations
• Not all mitigations will be technical
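The slides only name the gates and the steps for using the diagram. As an added example that is not from the talk, the Python below evaluates a small fault tree: it computes the minimal cut sets (each one a combination of basic events that is sufficient to cause the top event), flags single points of failure (cut sets of size one), and models a mitigation by pruning the event it removes. The tree, its event names and the top event "customer card data exposed" are constructed for illustration and are not the E-Commerce diagram from the slides; the INHIBIT gate is treated as an AND of an input and its enabling condition.

```python
"""Fault-tree evaluation: minimal cut sets and single points of failure.

Added example; the tree below is constructed for illustration and is not
the E-Commerce diagram from the talk.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Event:
    """A basic event (leaf of the tree), e.g. one vulnerability or failure."""
    name: str


@dataclass(frozen=True)
class Gate:
    """A gate over child nodes. INHIBIT is an AND of an input event and the
    enabling condition that lets it cause the output."""
    kind: str            # "AND", "OR" or "INHIBIT"
    inputs: tuple        # child Events / Gates
    name: str = ""


def minimise(sets):
    """Keep only minimal cut sets: drop any set that is a superset of another."""
    return {s for s in sets if not any(o < s for o in sets)}


def cut_sets(node):
    """Return the minimal cut sets (frozensets of event names) that cause `node`.
    A node of None (pruned away by a mitigation) has no cut sets at all."""
    if node is None:
        return set()
    if isinstance(node, Event):
        return {frozenset([node.name])}
    child_sets = [cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        # Any one child failing is enough: union of the children's cut sets.
        result = set().union(*child_sets)
    elif node.kind in ("AND", "INHIBIT"):
        # Every child must fail: combine one cut set from each child.
        result = {frozenset()}
        for sets in child_sets:
            result = {a | b for a, b in product(result, sets)}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    return minimise(result)


def single_points_of_failure(node):
    """Basic events that on their own cause the top event (cut sets of size 1)."""
    return sorted(next(iter(s)) for s in cut_sets(node) if len(s) == 1)


def prune(node, mitigated):
    """Model mitigations: make the named basic events impossible and return the
    reduced tree, or None when the node can no longer occur at all."""
    if isinstance(node, Event):
        return None if node.name in mitigated else node
    kept = [c for c in (prune(i, mitigated) for i in node.inputs) if c is not None]
    if node.kind == "OR":
        return Gate("OR", tuple(kept), node.name) if kept else None
    # AND / INHIBIT: removing any one input makes the whole gate impossible.
    if len(kept) < len(node.inputs):
        return None
    return Gate(node.kind, tuple(kept), node.name)


# Constructed tree (assumption): top event "customer card data exposed".
TOP = Gate("OR", (
    # SQL injection only exposes cards if the app's DB account may read them.
    Gate("INHIBIT", (Event("sqli_in_product_search"),
                     Event("app_db_account_reads_card_table")), "injection path"),
    Gate("AND", (Event("backup_bucket_public"),
                 Event("backups_unencrypted")), "backup path"),
    Event("admin_password_reused_and_leaked"),      # needs nothing else to go wrong
), "customer card data exposed")


if __name__ == "__main__":
    for cs in sorted(cut_sets(TOP), key=sorted):
        print("cut set:", sorted(cs))
    print("single points of failure:", single_points_of_failure(TOP))
    # Mitigation: least privilege on the DB account removes the injection path.
    after = prune(TOP, {"app_db_account_reads_card_table"})
    print("after mitigation:", [sorted(cs) for cs in cut_sets(after)])
```

Reading the output the way the slides suggest: each cut set is one item to consider the risk of, the size-one cut set is the single point of failure the conclusion warns about, and `prune` shows what a mitigation buys. A non-technical mitigation (a process change that stops an admin password being reused) is modelled exactly the same way as a technical one, by pruning the event it prevents.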
Defence in Depth
A big firewall (image: Tukulti65, own work, CC BY-SA 4.0, via Wikimedia Commons)
Everything is connected
Defence in depth
Database access
Adding encryption

Zonal analysis
United Airlines Flight 232 (image: Steve Fitzgerald, GFDL 1.2, via Wikimedia Commons)
What can we learn from this?
Zonal analysis for security
• Administrator passwords
• Shared systems
• Operating system vulnerabilities
Assume everything is open to the internet.
Zonal analysis for data
• Look for data hotspots
• Focus on hotspots
• Reduce data in hotspots
Failing safe
Chernobyl accident (image: Jason Minshull, public domain, via Wikimedia Commons)
Passive safety (image: Picoterawatt, derivative work by OrbiterSpacethingy, translated by Cryptex, CC0, via Wikimedia Commons)
Failing secure
What happens when something goes wrong?
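"What happens when something goes wrong?" is the question a fail-secure design answers before the failure happens. As an added example that is not from the talk, the Python below puts a fail-open authorisation check next to a default-deny one and runs both against a stand-in group directory during normal operation, for an unknown user, during a directory outage and for an action with no policy entry. `FakeDirectory`, `DirectoryUnavailable`, `POLICY` and the user data are constructed for the demonstration; the directory stands in for whatever LDAP or identity-provider lookup a real application would make.

```python
"""Fail-open versus fail-closed (default deny) authorisation.

Added example, not from the talk. FakeDirectory stands in for an LDAP/IdP
lookup so the code runs offline; POLICY and the user data are constructed.
"""
import logging

log = logging.getLogger("authz")


class DirectoryUnavailable(Exception):
    """The group directory timed out or refused the connection."""


class FakeDirectory:
    """Constructed stand-in for a group lookup; online=False simulates an outage."""

    def __init__(self, groups, online=True):
        self.groups = groups
        self.online = online

    def groups_for(self, user):
        if not self.online:
            raise DirectoryUnavailable("directory timed out")
        return self.groups.get(user)        # None for an unknown user


# Which groups may perform each action (constructed policy).
POLICY = {
    "view_order": {"support", "finance", "admin"},
    "refund_order": {"finance", "admin"},
}


def allowed_fail_open(user, action, directory):
    """Insecure: every unexpected condition resolves to 'allow'."""
    try:
        groups = directory.groups_for(user)
    except DirectoryUnavailable:
        return True                 # "keep the shop running" during an outage
    if groups is None:
        return True                 # unknown user treated as trusted
    return bool(groups & POLICY.get(action, set()))


def allowed_fail_closed(user, action, directory):
    """Default deny: the only route to True is a positive match against POLICY."""
    required = POLICY.get(action)
    if not required:
        log.warning("no policy entry for action %r; denying", action)
        return False
    try:
        groups = directory.groups_for(user)
    except DirectoryUnavailable as exc:
        log.error("directory unavailable while checking %r: %s; denying", user, exc)
        return False
    if not groups:
        return False                # unknown user, or user in no groups
    return bool(set(groups) & required)


def compare(user, action, directory):
    """Both decisions side by side: (fail-open result, fail-closed result)."""
    return (allowed_fail_open(user, action, directory),
            allowed_fail_closed(user, action, directory))


if __name__ == "__main__":
    users = {"alice": {"finance"}, "bob": {"support"}}
    online = FakeDirectory(users)
    outage = FakeDirectory(users, online=False)
    cases = {
        "finance user refunds": ("alice", "refund_order", online),
        "support user refunds": ("bob", "refund_order", online),
        "unknown user refunds": ("mallory", "refund_order", online),
        "refund during outage": ("alice", "refund_order", outage),
        "action with no policy": ("alice", "delete_all_orders", online),
    }
    for label, (user, action, directory) in cases.items():
        fail_open, fail_closed = compare(user, action, directory)
        print(f"{label:24} fail-open={fail_open!s:5} fail-closed={fail_closed}")
```

The two functions agree on the happy path and disagree only when something has gone wrong: the fail-open version grants a refund to an unknown user and to everyone during a directory outage, which is what the attacker (or the outage) would choose. The fail-closed version denies and logs in each of those cases, so the failure is visible to operations instead of being silently converted into access.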
Conclusion
Identify undesirable outcomes
Layer your defences
Look out for single points of failure
Handle failures securely
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308