$30 off During Our Annual Pro Sale. View Details »

Security design in web applications

Avatar for Jester Jester
April 16, 2016
Technology
0
220

Security design in web applications

This is about Inner and Outer security in Web application

Avatar for Jester

Jester

April 16, 2016
Tweet

More Decks by Jester

See All by Jester
Ruby Chat Bots: Work and Fun together
Avatar for Jester jesterovskiy
0
64
Epic API Fight
Avatar for Jester jesterovskiy
0
91

Other Decks in Technology

See All in Technology
障害対応訓練、その前に
Avatar for coconala_engineer coconala_engineer
0
150
AWSに革命を起こすかもしれない新サービス・アップデートについてのお話
Avatar for Yuuki Yamashita yama3133
0
460
ハッカソンから社内プロダクトへ AIエージェント「ko☆shi」開発で学んだ4つの重要要素
Avatar for そのだ sonoda_mj
6
1.3k
20251222_サンフランシスコサバイバル術
Avatar for ponponmikan ponponmikankan
2
130
Identity Management for Agentic AI 解説
Avatar for Naohiro Fujie fujie
0
340
AIBuildersDay_track_A_iidaxs
Avatar for iidaxs iidaxs
4
940
ペアーズにおけるAIエージェント 基盤とText to SQLツールの紹介
Avatar for Hikaru Sasamoto hisamouna
2
1.3k
アプリにAIを正しく組み込むための アーキテクチャ── 国産LLMの現実と実践
Avatar for Yasushi Taki kohju
0
170
高度サイバー人材育成専科資料(前半)
Avatar for Nomizo Nomizo nomizone
0
410
シニアソフトウェアエンジニアになるためには
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
3
210
20251219 OpenIDファウンデーション・ジャパン紹介 / OpenID Foundation Japan Intro
Avatar for OpenID Foundation Japan oidfj
0
390
【ServiceNow SNUG Meetup LT deck】WorkFlow Editorの廃止と Flow Designerへの移行戦略
Avatar for NIWATO niwato
0
120

Featured

See All Featured
エンジニアに許された特別な時間の終わり
Avatar for watany watany
105
220k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
2
61
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
Avatar for Sara Fernández Carmona sarafernandez
1
1.3k
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
80
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
Avatar for Helen Beal helenjbeal
1
78
How to Align SEO within the Product Triangle To Get 
Buy-In & Support - #RIMC
Avatar for Aleyda Solis aleyda
1
1.3k
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
Avatar for Mfonobong Umondia mfonobong
2
220
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
73
5k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1k
What Being in a Rock Band Can Teach Us About Real World SEO
Avatar for Ade Holder 427marketing
0
140

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)