Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nuclear powered software securty

D5a2aef3c745cca287ddef1948157fd3?s=47 carnage
July 01, 2017
Technology
0
200

Nuclear powered software securty

D5a2aef3c745cca287ddef1948157fd3?s=128

carnage

July 01, 2017
Tweet

More Decks by carnage

See All by carnage
Object re-orientation
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
2
260
Event Driven Development
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
0
420
More Secrets of Cryptography
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
0
200
Microservices vs The distributed monolith
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
1
1.7k
Passwords and how to handle them
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
0
190
A storm is brewing
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
0
53
The secrets of cryptography
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
0
110
The secrets of cryptography
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
0
110
You attended talk: An introduction to event sourcing (short)
D5a2aef3c745cca287ddef1948157fd3?s=48 carnage
0
320

Other Decks in Technology

See All in Technology
フィンテック養成勉強会#24
525442fc70ca92f82ae503f826956137?s=48 finengine
0
340
VS Code Meetup #21 - もう一度知りたい基礎編 - ファイル操作、コーディングの基本編
Fc815be82d09a2e922d4000b65b9f83b?s=48 74th
0
200
今 SLI/SLO の監視をするなら Sloth が良さそうという話
Cb17938137021ead2656d0fe58b7c7b1?s=48 shotakitazawa
1
290
Goで実装するブランドネットワークとの接続ポイント
E10d51de51c08e913216385be87dc1ca?s=48 pongzu
2
290
Power BI のうらがわ
0cc2ebc5781bcb2cae5f9ab7efa40ff2?s=48 hanaseleb
1
170
データをコネコネ!メール配信用データ生成の仕組み
Cdb7fe48c050935995f8a6a58a5ceba9?s=48 kappezoro
0
120
開発環境のセキュリティおよびCI/CDパイプラインのセキュア化
Dc03bf56cb3157b6036f9818593d7e40?s=48 rung
PRO
12
5.2k
聊聊 Cgo 的二三事
B3a7c0d5c590642dbce68bce8929a2df?s=48 david74chou
0
340
Settlement simulation testing to ensure correct settlement processing
23e9a5be8e46efd1cf6a07694a047237?s=48 applepine1125
2
1.5k
殺虫剤のパラドックスの真実 / The Truth of The Pesticide Paradox
45b1fa2c7e781175da2a4be78bbfc1f9?s=48 kzsuzuki
1
190
ニコニコ生放送におけるWebフロントエンドBFFサーバーのKubernetes移行事例の紹介
3a206ec7df76023cca167a8886b69672?s=48 himenon
2
500
セキュキャンを卒業してその後
1f745ff900e1be51aedae18cae76593c?s=48 kurochan
0
600

Featured

See All Featured
Mobile First: as difficult as doing things right
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
213
7.6k
The MySQL Ecosystem @ GitHub 2015
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
239
11k
Docker and Python
Ecdea9b9714877b86cee08458f085481?s=48 trallard
27
1.6k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
173
8.6k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Fd55de4174accaf3b4f030e43a8a70c6?s=48 marcduiker
6
580
Side Projects
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
450
37k
Typedesign – Prime Four
A0517b08532aec8ab2aae3f65d40ad86?s=48 hannesfritz
34
1.4k
Fontdeck: Realign not Redesign
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
73
4.1k
Designing Experiences People Love
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
130
22k
ReactJS: Keep Simple. Everything can be a component!
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
655
120k
Teambox: Starting and Learning
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
123
7.7k

Transcript

  1. Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017

    1

  2. Introduction

  3. Beware of lists 1

  4. Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via

    Wikimedia Commons 2

  5. Nuclear bomb 1By United States Department of Energy [Public domain],

    via Wikimedia Commons 3

  6. Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],

    via Wikimedia Commons 4

  7. Fault Tree Analysis

  8. Loss of cooling 5

  9. Loss of power 6

  10. Inhibit gate 7

  11. E-Commerce 8

  12. E-Commerce 9

  13. How to use your diagram • Consider risk from each

    item 10

  14. How to use your diagram • Consider risk from each

    item • Consider mitigations 10

  15. How to use your diagram • Consider risk from each

    item • Consider mitigations • Not all mitigations will be technical 10

  16. Defence in Depth

  17. A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],

    via Wikimedia Commons 11

  18. Everything is connected 11

  19. Defense in depth 12

  20. Database Access 13

  21. Adding encryption 14

  22. Zonal analysis

  23. United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via

    Wikimedia Commons 15

  24. What can we learn from this? 15

  25. Zonal analysis for security • Administrator passwords 16

  26. Zonal analysis for security • Administrator passwords • Shared systems

    16

  27. Zonal analysis for security • Administrator passwords • Shared systems

    • Operating system vulnerabilities 16

  28. Assume everything is open to the internet. 16

  29. Zonal analysis for data • Look for data hotspots 17

  30. Zonal analysis for data • Look for data hotspots •

    Focus on hotspots 17

  31. Zonal analysis for data • Look for data hotspots •

    Focus on hotspots • Reduce data in hotspots 17

  32. Failing safe

  33. Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons

    18

  34. Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],

    via Wikimedia Commons 19

  35. Failing secure 19

  36. What happens when something goes wrong? 19

  37. Conclusion

  38. Identify undesirable outcomes 19

  39. Layer your defences 19

  40. Look out for single points of failure 19

  41. Handle failures securely 19

  42. Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20