$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security design in web applications
Search
Jester
April 16, 2016
Technology
0
220
Security design in web applications
This is about Inner and Outer security in Web application
Jester
April 16, 2016
Tweet
Share
More Decks by Jester
See All by Jester
Ruby Chat Bots: Work and Fun together
jesterovskiy
0
63
Epic API Fight
jesterovskiy
0
91
Other Decks in Technology
See All in Technology
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
masahirokawahara
1
1.3k
生成AI時代の自動E2Eテスト運用とPlaywright実践知_引持力哉
legalontechnologies
PRO
0
210
形式手法特論:CEGAR を用いたモデル検査の状態空間削減 #kernelvm / Kernel VM Study Hokuriku Part 8
ytaka23
2
440
最近のLinux普段づかいWaylandデスクトップ元年
penguin2716
1
660
Gemini でコードレビュー知見を見える化
zozotech
PRO
1
180
多様なデジタルアイデンティティを攻撃からどうやって守るのか / 20251212
ayokura
0
140
[CMU-DB-2025FALL] Apache Fluss - A Streaming Storage for Real-Time Lakehouse
jark
0
110
GitHub Copilotを使いこなす 実例に学ぶAIコーディング活用術
74th
3
1.2k
第4回 「メタデータ通り」 リアル開催
datayokocho
0
110
Edge AI Performance on Zephyr Pico vs. Pico 2
iotengineer22
0
110
AWS Trainium3 をちょっと身近に感じたい
bigmuramura
1
120
直接メモリアクセス
koba789
0
280
Featured
See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
253
22k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
How STYLIGHT went responsive
nonsquared
100
5.9k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
Statistics for Hackers
jakevdp
799
230k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.5k
What's in a price? How to price your products and services
michaelherold
246
12k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Thoughts on Productivity
jonyablonski
73
5k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
9
1k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.3k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
61k
Transcript
Security design in web applications
Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy
“software has been designed from the ground up to be
secure” C.O. Secure by design
Outer Security Inner Security
Ideal Situation Real Life
None
None
None
User Outer Connection Application DB
User
Linux/OSX Firewall Secure PC White noise generator Ideal
Keep password in mind or use pass saver Make password
strong Change password each period of time Real Keep additional data (DOB, phone)
Connection
Cable VPN … Ideal
SSL SSL updates SRP protocol Real …
Application
Pure HTML Static pages … Ideal
CDN Authentification Authorization Real CRF, XSS
DB
Encryption Tape Drive backup Backup? … Ideal
Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)
Inner Application
Storing API keys in ENV variables Access rights CI Real
Prod, Staging, Testing instances
Test coverage Verify SSL security Real Check libs source code
simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem
Make logs simply accessible Security headers Styleguide Real secureheaders gem
rubocop gem Security Policy
Thank You is hiring =)
jesterovskiy
masahirokawahara
legalontechnologies
ytaka23
penguin2716
zozotech
ayokura
jark
74th
datayokocho
iotengineer22
bigmuramura
koba789
smashingmag
scottboms
nonsquared
jeffersonlam
jakevdp
philnash
michaelherold
lynnandtonic
jonyablonski
addyosmani
marcduiker
lemiorhan
