Nuclear powered software security
carnage
July 01, 2017
Transcript
Nuclear Powered Software Security. Chris Riley, Dutch PHP Conference 2017 (slide 1)

Introduction
• Beware of lists (slide 1)
• Nuclear safety (slide 2; image: Avda, own work, CC BY-SA 3.0, via Wikimedia Commons)
• Nuclear bomb (slide 3; image: United States Department of Energy, public domain, via Wikimedia Commons)
• Nuclear power plant (slide 4; image: Emoscopes, GFDL, CC-BY-SA-3.0 or CC BY 2.5, via Wikimedia Commons)

Fault Tree Analysis
• Loss of cooling (slide 5)
• Loss of power (slide 6)
• Inhibit gate (slide 7)
• E-Commerce (slides 8 and 9)
• How to use your diagram (slide 10): consider risk from each item • consider mitigations • not all mitigations will be technical

Defence in Depth
• A big firewall (slide 11; image: Tukulti65, own work, CC BY-SA 4.0, via Wikimedia Commons)
• Everything is connected (slide 11)
• Defense in depth (slide 12)
• Database Access (slide 13)
• Adding encryption (slide 14)

Zonal analysis
• United Airlines Flight 232 (slide 15; image: Steve Fitzgerald, GFDL 1.2, via Wikimedia Commons)
• What can we learn from this? (slide 15)
• Zonal analysis for security (slide 16): administrator passwords • shared systems • operating system vulnerabilities
• Assume everything is open to the internet. (slide 16)
• Zonal analysis for data (slide 17): look for data hotspots • focus on hotspots • reduce data in hotspots

Failing safe
• Chernobyl accident (slide 18; image: Jason Minshull, public domain, via Wikimedia Commons)
• Passive safety (slide 19; image: Picoterawatt, derivative work by OrbiterSpacethingy, translation by Cryptex, CC0, via Wikimedia Commons)
• Failing secure (slide 19)
• What happens when something goes wrong? (slide 19)

Conclusion (slide 19)
• Identify undesirable outcomes
• Layer your defences
• Look out for single points of failure
• Handle failures securely

Thanks (slide 20) • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308