Security design in web applications
This is about Inner and Outer security in Web application
Jester
April 16, 2016
Transcript
Security design in web applications
Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy
“software has been designed from the ground up to be secure” C.O. Secure by design
Outer Security / Inner Security
Ideal Situation / Real Life
Outer: User → Connection → Application → DB
User
Ideal: Linux/OSX, Firewall, Secure PC, White noise generator
Real: Keep password in mind or use pass saver, Make password strong, Change password each period of time, Keep additional data (DOB, phone)
Connection
Ideal: Cable, VPN, …
Real: SSL, SSL updates, SRP protocol, …
Application
Ideal: Pure HTML, Static pages, …
Real: CDN, Authentication, Authorization, CSRF, XSS
DB
Ideal: Encryption, Tape Drive backup, Backup?, …
Real: Backup!, Access rights, bcrypt/scrypt, Salt + Verifier (SRP protocol)
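The DB slide lists bcrypt/scrypt and a per-user salt as the realistic way to store credentials. The following is an added example, not code from the deck or its author: it stores a password as a random salt plus an scrypt-derived key using Ruby's standard openssl library (the deck's bcrypt option would be the bcrypt gem instead), and verifies a login attempt with a constant-time comparison so that the hash comparison itself does not leak timing information. The scrypt parameters and the helper names are assumptions chosen for illustration; the SRP verifier mentioned on the slide is a separate protocol and is not shown here.

```ruby
require 'openssl'
require 'securerandom'

# Illustrative scrypt cost parameters (assumed, not from the deck).
# Memory use is roughly 128 * N * r bytes; raise N as hardware allows.
SCRYPT_PARAMS = { N: 2**14, r: 8, p: 1, length: 32 }.freeze

# Derive a key from the password and a salt. Same inputs always give the
# same key, which is what makes verification possible.
def derive_key(password, salt)
  OpenSSL::KDF.scrypt(password, salt: salt, **SCRYPT_PARAMS)
end

# Produce the record that would be stored in the users table: a fresh
# 16-byte random salt (hex) and the derived key (hex). Never the password.
def hash_password(password, salt: SecureRandom.random_bytes(16))
  { salt: salt.unpack1('H*'), hash: derive_key(password, salt).unpack1('H*') }
end

# Compare two byte strings without short-circuiting on the first mismatch.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Re-derive with the stored salt and compare against the stored hash.
def verify_password(password, record)
  salt = [record[:salt]].pack('H*')
  expected = [record[:hash]].pack('H*')
  constant_time_equal?(derive_key(password, salt), expected)
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password('correct horse battery staple')   # constructed sample
  puts "stored: #{record.inspect}"
  puts "login ok? #{verify_password('correct horse battery staple', record)}"
  puts "wrong pw? #{verify_password('Tr0ub4dor&3', record)}"
end
```

Because the salt is random per user, two users with the same password get different stored hashes, and an attacker who obtains the table cannot reuse one precomputed table across all rows; the work factor in SCRYPT_PARAMS is what makes each guess expensive.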
Inner: Application
Storing API keys in ENV variables, Access rights, CI
Real: Prod, Staging, Testing instances
Test coverage, Verify SSL security, Check libs source code
Real: simplecov gem; SSLLabs, DigiCert SSL; Mutation testing (mutant gem)
Make logs simply accessible, Security headers, Styleguide
Real: secureheaders gem, rubocop gem, Security Policy
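The inner-security slide pairs "Security headers" with the secureheaders gem. As an added example (not the gem's code and not from the deck), here is a minimal Rack-style middleware that does the core of what such a gem is used for: every response leaves the application with a baseline set of security headers, while headers the application set itself take precedence so a page can deliberately relax a policy. The header set, the class name and the sample app are assumptions for illustration; a real deployment tunes the Content-Security-Policy to what the site actually loads.

```ruby
# Baseline headers added to every response (illustrative values, assumed).
SECURITY_HEADERS = {
  'Content-Security-Policy' => "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
  'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options' => 'nosniff',
  'X-Frame-Options' => 'DENY',
  'Referrer-Policy' => 'strict-origin-when-cross-origin'
}.freeze

# Rack middleware: wraps any object responding to call(env) and returning
# [status, headers, body]. No rack gem is required to run this file.
class SecurityHeaders
  def initialize(app, headers: SECURITY_HEADERS)
    @app = app
    @headers = headers
  end

  # Headers set explicitly by the app override the baseline; everything
  # else is filled in from SECURITY_HEADERS.
  def call(env)
    status, headers, body = @app.call(env)
    [status, @headers.merge(headers), body]
  end
end

# Constructed sample app: a plain HTML response that sets no security headers.
SAMPLE_APP = ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['<h1>hi</h1>']] }

# Run a request through the middleware and return only the response headers.
def headers_for(env = {}, app: SAMPLE_APP)
  SecurityHeaders.new(app).call(env)[1]
end

# Simple check, usable in a test suite: which baseline headers are absent?
def missing_security_headers(headers)
  SECURITY_HEADERS.keys.reject { |name| headers.key?(name) }
end

if __FILE__ == $PROGRAM_NAME
  headers_for.each { |name, value| puts "#{name}: #{value}" }
  puts "missing: #{missing_security_headers(headers_for).inspect}"
end
```

One caveat worth knowing: Rack 3 normalises response header names to lowercase, so in a Rack 3 application the merge and the missing-header check should compare names case-insensitively rather than with the exact keys used above.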
Thank You is hiring =)