Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security design in web applications

Avatar for Jester Jester
April 16, 2016
Technology
0
210

Security design in web applications

This is about Inner and Outer security in Web application
Avatar for Jester

Jester

April 16, 2016
Tweet

More Decks by Jester

See All by Jester
Ruby Chat Bots: Work and Fun together
Avatar for Jester jesterovskiy
0
57
Epic API Fight
Avatar for Jester jesterovskiy
0
87

Other Decks in Technology

See All in Technology
Maintainer Meetupで「生の声」を聞く ~講演だけじゃないKubeCon
Avatar for Takuto Nagami logica0419
0
120
“日本一のM&A企業”を支える、少人数SREの効率化戦略 / SRE NEXT 2025
Avatar for GENDA genda
1
280
毎晩の 負荷試験自動実行による効果
Avatar for Recruit recruitengineers
PRO
5
190
SREのためのeBPF活用ステップアップガイド
Avatar for Sohei Iwahori egmc
2
1.3k
低レイヤソフトウェア技術者が YouTuberとして食っていこうとした話
Avatar for Satoru Takeuchi sat
PRO
6
5.1k
AIでテストプロセス自動化に挑戦する
Avatar for K_SAK sakatakazunori
1
560
第64回コンピュータビジョン勉強会「The PanAf-FGBG Dataset: Understanding the Impact of Backgrounds in Wildlife Behaviour Recognition」
Avatar for Tatsuya Suzuki x_ttyszk
0
250
AWS Well-Architected から考えるオブザーバビリティの勘所 / Considering the Essentials of Observability from AWS Well-Architected
Avatar for SMS tech sms_tech
1
440
CDK Vibe Coding Fes
Avatar for tomoki10 tomoki10
1
640
TROCCO今昔
Avatar for gtnao gtnao
0
100
Introduction to Sansan for Engineers / エンジニア向け会社紹介
Avatar for Sansan, Inc. sansan33
PRO
5
39k
スタックチャン家庭用アシスタントへの道
Avatar for Hiroyuki Kaneko kanekoh
0
130

Featured

See All Featured
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
It's Worth the Effort
Avatar for 3n 3n
185
28k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.7k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
189
11k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
35
6.7k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
271
27k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
72
4.9k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
430
65k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
35
2.4k

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)