Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security design in web applications
Search
Jester
April 16, 2016
Technology
0
220
Security design in web applications
This is about Inner and Outer security in Web application
Jester
April 16, 2016
Tweet
Share
More Decks by Jester
See All by Jester
Ruby Chat Bots: Work and Fun together
jesterovskiy
0
64
Epic API Fight
jesterovskiy
0
91
Other Decks in Technology
See All in Technology
20251209_WAKECareer_生成AIを活用した設計・開発プロセス
syobochim
7
1.5k
品質のための共通認識
kakehashi
PRO
3
260
[CMU-DB-2025FALL] Apache Fluss - A Streaming Storage for Real-Time Lakehouse
jark
0
120
OCI Oracle Database Services新機能アップデート(2025/09-2025/11)
oracle4engineer
PRO
1
180
Snowflakeでデータ基盤を もう一度作り直すなら / rebuilding-data-platform-with-snowflake
pei0804
5
1.5k
EM歴1年10ヶ月のぼくがぶち当たった苦悩とこれからへ向けて
maaaato
0
280
年間40件以上の登壇を続けて見えた「本当の発信力」/ 20251213 Masaki Okuda
shift_evolve
PRO
1
130
会社紹介資料 / Sansan Company Profile
sansan33
PRO
11
390k
Lambdaの常識はどう変わる?!re:Invent 2025 before after
iwatatomoya
1
500
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
emiki
0
170
WordPress は終わったのか ~今のWordPress の制作手法ってなにがあんねん?~ / Is WordPress Over? How We Build with WordPress Today
tbshiki
1
760
評価駆動開発で不確実性を制御する - MLflow 3が支えるエージェント開発
databricksjapan
1
180
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.8k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.6k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Bash Introduction
62gerente
615
210k
Site-Speed That Sticks
csswizardry
13
1k
Java REST API Framework Comparison - PWX 2021
mraible
34
9k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.2k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8.3k
Statistics for Hackers
jakevdp
799
230k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.8k
A Modern Web Designer's Workflow
chriscoyier
698
190k
Transcript
Security design in web applications
Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy
“software has been designed from the ground up to be
secure” C.O. Secure by design
Outer Security Inner Security
Ideal Situation Real Life
None
None
None
User Outer Connection Application DB
User
Linux/OSX Firewall Secure PC White noise generator Ideal
Keep password in mind or use pass saver Make password
strong Change password each period of time Real Keep additional data (DOB, phone)
Connection
Cable VPN … Ideal
SSL SSL updates SRP protocol Real …
Application
Pure HTML Static pages … Ideal
CDN Authentification Authorization Real CRF, XSS
DB
Encryption Tape Drive backup Backup? … Ideal
Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)
Inner Application
Storing API keys in ENV variables Access rights CI Real
Prod, Staging, Testing instances
Test coverage Verify SSL security Real Check libs source code
simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem
Make logs simply accessible Security headers Styleguide Real secureheaders gem
rubocop gem Security Policy
Thank You is hiring =)
jesterovskiy
syobochim
kakehashi
jark
oracle4engineer
pei0804
maaaato
shift_evolve
sansan33
iwatatomoya
emiki
tbshiki
databricksjapan
productmarketing
erikaheidi
thoeni
samlambert
62gerente
csswizardry
mraible
eileencodes
aleyda
jakevdp
reverentgeek
chriscoyier
