Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security design in web applications

Avatar for Jester Jester
April 16, 2016
Technology
0
220

Security design in web applications

This is about Inner and Outer security in Web application

Avatar for Jester

Jester

April 16, 2016
Tweet

More Decks by Jester

See All by Jester
Ruby Chat Bots: Work and Fun together
Avatar for Jester jesterovskiy
0
60
Epic API Fight
Avatar for Jester jesterovskiy
0
90

Other Decks in Technology

See All in Technology
Claude Codeを駆使した初めてのiOSアプリ開発 ~ゼロから3週間でグローバルハッカソンで入賞するまで~
Avatar for Oikon oikon48
10
5.3k
AIエージェント入門 〜基礎からMCP・A2Aまで〜
Avatar for Shu Kobuchi shukob
1
140
[VPoE Global Summit] サービスレベル目標による信頼性への投資最適化
Avatar for sato-s satos
0
200
WEBサービスを成り立たせるAWSサービス
Avatar for Takano takano0131
1
200
OCIjp_Oracle AI World_Recap
Avatar for Shinya Omori shinpy
1
150
事業開発におけるDify活用事例
Avatar for KentaroFujii kentarofujii
4
1.2k
Claude Code Subagents 再入門 ~cc-sddの実装で学んだこと~
Avatar for Gota gotalab555
10
17k
[OCI Skill Mapping] AWSユーザーのためのOCI – IaaS編(Compute/Storage/Networking) (2025年10月8日開催)
Avatar for oracle4engineer oracle4engineer
PRO
1
160
それでも私が品質保証プロセスを作り続ける理由 #テストラジオ / Why I still continue to create QA process
Avatar for ぱいん pineapplecandy
0
150
NLPコロキウム20251022_超効率化への挑戦: LLM 1bit量子化のロードマップ
Avatar for Yuma Ichikawa yumaichikawa
1
170
難しいセキュリティ用語をわかりやすくしてみた
Avatar for Yuta3110 yuta3110
0
360
研究開発部メンバーの働き⽅ / Sansan R&D Profile
Avatar for Sansan, Inc. sansan33
PRO
3
20k

Featured

See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
23
1.5k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.5k
Side Projects
Avatar for Sacha Greif sachag
455
43k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
31
2.7k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
127
54k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
274
41k
Docker and Python
Avatar for Tania Allard trallard
46
3.6k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
232
18k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1371
200k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.3k

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)