$30 off During Our Annual Pro Sale. View Details »

Security design in web applications

Jester
April 16, 2016
Technology
0
160

Security design in web applications

This is about Inner and Outer security in Web application

Jester

April 16, 2016
Tweet

More Decks by Jester

See All by Jester
Ruby Chat Bots: Work and Fun together
jesterovskiy
0
48
Epic API Fight
jesterovskiy
0
77

Other Decks in Technology

See All in Technology
【Quollio】メタデータ・マネジメント入門
rytmq
PRO
6
1.7k
Next decade of Rails Girls and the community
okuramasafumi
1
120
Code Graphology
fr0gger
0
130
TreasureData Tech Talk 2022 - Journey to Improve Stability and Scalability of Plazma
yajirobee
0
210
API Gateway ご紹介 / api-gateway-overview
oracle4engineer
PRO
0
400
ローコードツールを用いてチーム全員で自動テスト導入 -mabl で自動テスト-
jkubota
0
580
ソフトウェアアーキテクチャ・ ハードパーツ: Software Architecture The Hard Parts
snoozer05
PRO
8
3.7k
re:Growth2022「Analytics系アップデートまとめ」
sutotakeshi
0
160
Next.jsチョットデキル!サイトの規模やページ特性に合わせた開発テクニック
hanetsuki
2
1.4k
Oracle Exadata Database Service:サービス概要のご紹介
oracle4engineer
PRO
0
1.9k
Unlearn Software Quality: Redefine What Should Be Really Cared
lemiorhan
1
480
20221130-elastic-seminar
yutakawasaki0911
0
140

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
344
17k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M
Product Roadmaps are Hard
iamctodd
35
7.5k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
1
310
Fashionably flexible responsive web design (full day workshop)
malarkey
396
63k
What’s in a name? Adding method to the madness
productmarketing
11
1.8k
Faster Mobile Websites
deanohume
294
29k
GraphQLとの向き合い方2022年版
quramy
19
9.4k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
21
1.6k
A Tale of Four Properties
chriscoyier
149
21k
Building an army of robots
kneath
301
40k
The Web Native Designer (August 2011)
paulrobertlloyd
76
2.1k

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)