Security design in web applications
Jester
April 16, 2016
Technology
This is about inner and outer security in web applications.
Transcript
Security design in web applications
Aleksey Dashkevych, RubyDev/SysAdmin. twitter://dash_as, facebook://aleksey.dashkevich, github://jesterovskiy
“Software has been designed from the ground up to be secure” (C.O. Secure by design)
Outer security / Inner security
Ideal situation / Real life
Outer: User, Connection, Application, DB

User
  Ideal: Linux/OSX, firewall, secure PC, white noise generator
  Real: keep the password in mind or use a password saver; make the password strong; change the password periodically; keep additional data (DOB, phone)

Connection
  Ideal: cable, VPN, …
  Real: SSL, SSL updates, SRP protocol, …

Application
  Ideal: pure HTML, static pages, …
  Real: CDN, authentication, authorization, CSRF, XSS

DB
  Ideal: encryption, tape drive backup, backup?, …
  Real: backup!, access rights, bcrypt/scrypt, salt + verifier (SRP protocol)
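The "salt + verifier (SRP protocol)" idea from the Connection and DB slides, as an added Ruby example that is not part of the deck: the database stores only a salt and a verifier v = g^x mod N, and login is an SRP-6a exchange in which the password itself is never sent. The group here is a demo 256-bit safe prime generated at start-up and the hash-to-integer function is a simplification; a real deployment would use a fixed published group and a vetted SRP library.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Demo SRP-6a group: a freshly generated 256-bit safe prime with g = 2.
# Real deployments use a fixed, published group (e.g. the RFC 5054 groups).
N = OpenSSL::BN.generate_prime(256, true).to_i
G = 2

# H(...) = SHA-256 over the '|'-joined string forms, read as an integer (simplified).
def h(*parts)
  Digest::SHA256.hexdigest(parts.join('|')).to_i(16)
end

K = h(N, G) # SRP-6a multiplier k = H(N, g)

# x = H(salt, H(username:password)); this value never leaves the client.
def private_x(username, password, salt)
  h(salt, Digest::SHA256.hexdigest("#{username}:#{password}"))
end

# Registration: the client sends only salt + verifier, so the database holds
# no password and no directly crackable password hash.
def register(username, password)
  salt = SecureRandom.hex(16)
  { salt: salt, verifier: G.pow(private_x(username, password, salt), N) } # v = g^x mod N
end

# Login: both sides derive a session secret S; the two values match only if
# the client knows the password that produced the stored verifier.
def login(username, password, record)
  a = SecureRandom.random_number(N - 2) + 1 # client ephemeral secret
  b = SecureRandom.random_number(N - 2) + 1 # server ephemeral secret
  pub_a = G.pow(a, N)                                   # A = g^a mod N
  raise 'abort: A mod N == 0' if pub_a % N == 0         # mandatory server-side check
  pub_b = (K * record[:verifier] + G.pow(b, N)) % N     # B = k*v + g^b mod N
  u = h(pub_a, pub_b)                                   # u = H(A, B)
  x = private_x(username, password, record[:salt])      # client side only
  s_client = ((pub_b - K * G.pow(x, N)) % N).pow(a + u * x, N)   # (B - k*g^x)^(a + u*x)
  s_server = (pub_a * record[:verifier].pow(u, N) % N).pow(b, N) # (A * v^u)^b
  [Digest::SHA256.hexdigest(s_client.to_s), Digest::SHA256.hexdigest(s_server.to_s)]
end

# Constructed demo run: correct password -> keys match, wrong password -> they differ.
if __FILE__ == $PROGRAM_NAME
  rec = register('alice', 'correct horse battery staple')
  puts login('alice', 'correct horse battery staple', rec).uniq.size == 1
  puts login('alice', 'wrong password', rec).uniq.size == 1
end
```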
Inner: Application
  Real: storing API keys in ENV variables; access rights; CI; Prod, Staging, Testing instances
  Real: test coverage (simplecov gem); verify SSL security (SSLLabs, DigiCert SSL); check libs source code; mutation testing (mutant gem)
  Real: make logs simply accessible; security headers (secureheaders gem); styleguide (rubocop gem); security policy
Thank You is hiring =)