Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security design in web applications
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Jester
April 16, 2016
Technology
0
230
Security design in web applications
This is about Inner and Outer security in Web application
Jester
April 16, 2016
Tweet
Share
More Decks by Jester
See All by Jester
Ruby Chat Bots: Work and Fun together
jesterovskiy
0
65
Epic API Fight
jesterovskiy
0
93
Other Decks in Technology
See All in Technology
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
sansantech
PRO
2
380
What happened to RubyGems and what can we learn?
mikemcquaid
0
300
セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup
rocketmartue
1
300
SRE Enabling戦記 - 急成長する組織にSREを浸透させる戦いの歴史
markie1009
0
120
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
1k
日本の85%が使う公共SaaSは、どう育ったのか
taketakekaho
1
220
AzureでのIaC - Bicep? Terraform? それ早く言ってよ会議
torumakabe
1
560
小さく始めるBCP ― 多プロダクト環境で始める最初の一歩
kekke_n
1
420
こんなところでも(地味に)活躍するImage Modeさんを知ってるかい?- Image Mode for OpenShift -
tsukaman
0
140
データの整合性を保ちたいだけなんだ
shoheimitani
8
3.1k
登壇駆動学習のすすめ — CfPのネタの見つけ方と書くときに意識していること
bicstone
3
110
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
2
210
Featured
See All Featured
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.1k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
270
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
250
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
22k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
2.1k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.8k
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
300
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
0
180
Agile that works and the tools we love
rasmusluckow
331
21k
We Have a Design System, Now What?
morganepeng
54
8k
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5.2k
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
310
Transcript
Security design in web applications
Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy
“software has been designed from the ground up to be
secure” C.O. Secure by design
Outer Security Inner Security
Ideal Situation Real Life
None
None
None
User Outer Connection Application DB
User
Linux/OSX Firewall Secure PC White noise generator Ideal
Keep password in mind or use pass saver Make password
strong Change password each period of time Real Keep additional data (DOB, phone)
Connection
Cable VPN … Ideal
SSL SSL updates SRP protocol Real …
Application
Pure HTML Static pages … Ideal
CDN Authentification Authorization Real CRF, XSS
DB
Encryption Tape Drive backup Backup? … Ideal
Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)
Inner Application
Storing API keys in ENV variables Access rights CI Real
Prod, Staging, Testing instances
Test coverage Verify SSL security Real Check libs source code
simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem
Make logs simply accessible Security headers Styleguide Real secureheaders gem
rubocop gem Security Policy
Thank You is hiring =)
jesterovskiy
sansantech
mikemcquaid
rocketmartue
markie1009
sansan33
taketakekaho
torumakabe
kekke_n
tsukaman
shoheimitani
bicstone
miu_crescent
addyosmani
akashhashmi
skipperchong
danielanewman
garrettdimon
reverentgeek
jct
apolaine
rasmusluckow
morganepeng
aleyda
portentint
