Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nuclear powered software securty

carnage
July 01, 2017
Technology
0
330

Nuclear powered software securty

carnage

July 01, 2017
Tweet

More Decks by carnage

See All by carnage
Object re-orientation
carnage
2
390
Event Driven Development
carnage
0
490
More Secrets of Cryptography
carnage
0
320
Microservices vs The distributed monolith
carnage
1
2k
Passwords and how to handle them
carnage
0
260
A storm is brewing
carnage
0
75
The secrets of cryptography
carnage
0
130
The secrets of cryptography
carnage
0
130
You attended talk: An introduction to event sourcing (short)
carnage
0
480

Other Decks in Technology

See All in Technology
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.3k
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
240
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
240
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
0
130
ここが嬉しいABAC ここが辛いよABAC #再解説+補足編
masahirokawahara
1
270
web-application-security
matsuihidetoshi
0
160
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
現代CSSフレームワークの内部実装とその仕組み
poteboy
8
3.6k
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
440
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
4
13k
20240416_devopsdaystokyo
kzkmaeda
1
220
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
130

Featured

See All Featured
Happy Clients
brianwarren
92
6.4k
Designing for humans not robots
tammielis
248
25k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
GraphQLとの向き合い方2022年版
quramy
32
12k
Navigating Team Friction
lara
178
13k
Typedesign – Prime Four
hannesfritz
36
2.1k
Scaling GitHub
holman
457
140k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Teambox: Starting and Learning
jrom
128
8.4k
Mobile First: as difficult as doing things right
swwweet
216
8.6k

Transcript

  1. Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017

    1

  2. Introduction

  3. Beware of lists 1

  4. Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via

    Wikimedia Commons 2

  5. Nuclear bomb 1By United States Department of Energy [Public domain],

    via Wikimedia Commons 3

  6. Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],

    via Wikimedia Commons 4

  7. Fault Tree Analysis

  8. Loss of cooling 5

  9. Loss of power 6

  10. Inhibit gate 7

  11. E-Commerce 8

  12. E-Commerce 9

  13. How to use your diagram • Consider risk from each

    item 10

  14. How to use your diagram • Consider risk from each

    item • Consider mitigations 10

  15. How to use your diagram • Consider risk from each

    item • Consider mitigations • Not all mitigations will be technical 10

  16. Defence in Depth

  17. A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],

    via Wikimedia Commons 11

  18. Everything is connected 11

  19. Defense in depth 12

  20. Database Access 13

  21. Adding encryption 14

  22. Zonal analysis

  23. United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via

    Wikimedia Commons 15

  24. What can we learn from this? 15

  25. Zonal analysis for security • Administrator passwords 16

  26. Zonal analysis for security • Administrator passwords • Shared systems

    16

  27. Zonal analysis for security • Administrator passwords • Shared systems

    • Operating system vulnerabilities 16

  28. Assume everything is open to the internet. 16

  29. Zonal analysis for data • Look for data hotspots 17

  30. Zonal analysis for data • Look for data hotspots •

    Focus on hotspots 17

  31. Zonal analysis for data • Look for data hotspots •

    Focus on hotspots • Reduce data in hotspots 17

  32. Failing safe

  33. Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons

    18

  34. Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],

    via Wikimedia Commons 19

  35. Failing secure 19

  36. What happens when something goes wrong? 19

  37. Conclusion

  38. Identify undesirable outcomes 19

  39. Layer your defences 19

  40. Look out for single points of failure 19

  41. Handle failures securely 19

  42. Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20