Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security design in web applications

Avatar for Jester Jester
April 16, 2016
Technology
240
0

Security design in web applications

This is about Inner and Outer security in Web application

Avatar for Jester

Jester

April 16, 2016

More Decks by Jester

See All by Jester
Ruby Chat Bots: Work and Fun together
Avatar for Jester jesterovskiy
0
67
Epic API Fight
Avatar for Jester jesterovskiy
0
100

Other Decks in Technology

See All in Technology
Claude code Orchestra
Avatar for Taisei Ozaki ozakiomumkj
3
950
もりもり新機能を一挙紹介! AgentCoreに入門して、AWS上にAIエージェントを構築しよう
Avatar for みのるん minorun365
PRO
6
770
Chart.js が簡単に使えるようになっていたので OGP 画像生成に使った話
Avatar for すずとも kamekyame
0
160
AI駆動開発が変える、大規模開発の前提 ーHuman in the Loop から Human on the Loop へ / AIE2026
Avatar for Visional Engineering & Design visional_engineering_and_design
5
3.7k
ITエンジニアを取り巻く環境とキャリアパス / A career path for Japanese IT engineers
Avatar for 高玉 広和 / TAKATAMA Hirokazu takatama
4
1.8k
速さだけじゃない! VoidZero ツールが移行先に選ばれる理由
Avatar for mizdra mizdra
PRO
6
750
Databricks 月刊サービスアップデート 2026年05月号
Avatar for ちょし tyosi1212
0
200
Dynamic Workersについて
Avatar for Yusuke Wada yusukebe
2
580
さきさん文庫の書籍ができるまで
Avatar for H.Saki sakiengineer
0
360
ルールやカスタム機能、どう使う?理想の出力を引き出すために今知りたいIBM Bob 5つの機能
Avatar for mu (Mizuho Uehara) muehara
1
330
PHP と TypeScript の型システム比較:AI 時代の「型」は誰のためにあるのか? #frontend_phpcon_do / frontend_phpcon_do_2026
Avatar for shogogg shogogg
1
240
AI と創る新たな世界 / A New World Created with AI
Avatar for Kenji Saito ks91
PRO
0
110

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
52k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.9k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
96
14k
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
26k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.9k
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
1
370
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.9k
Exploring anti-patterns in Rails
Avatar for Elle Meredith aemeredith
3
390
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
61
9.9k
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.3k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.5k
Lessons Learnt from Crawling 1000+ Websites
Avatar for Charles Meaden charlesmeaden
PRO
1
1.3k

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)