Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security design in web applications

Avatar for Jester Jester
April 16, 2016
Technology
0
210

Security design in web applications

This is about Inner and Outer security in Web application
Avatar for Jester

Jester

April 16, 2016
Tweet

More Decks by Jester

See All by Jester
Ruby Chat Bots: Work and Fun together
Avatar for Jester jesterovskiy
0
57
Epic API Fight
Avatar for Jester jesterovskiy
0
87

Other Decks in Technology

See All in Technology
本が全く読めなかった過去の自分へ
Avatar for ゲンシュン genshun9
0
730
ドメイン特化なCLIPモデルとデータセットの紹介
Avatar for tattaka tattaka
2
540
LangChain Interrupt & LangChain Ambassadors meetingレポート
Avatar for os1ma os1ma
2
240
Core Audio tapを使ったリアルタイム音声処理のお話
Avatar for Sloth yuta0306
0
160
プロダクトエンジニアリング組織への歩み、その現在地 / Our journey to becoming a product engineering organization
Avatar for hiro-torii hiro_torii
0
140
Delegating the chores of authenticating users to Keycloak
Avatar for Alexander Schwartz ahus1
0
130
低レイヤを知りたいPHPerのためのCコンパイラ作成入門 完全版 / Building a C Compiler for PHPers Who Want to Dive into Low-Level Programming - Expanded
Avatar for HASEGAWA Tomoki tomzoh
4
3.4k
Should Our Project Join the CNCF? (Japanese Recap)
Avatar for whywaita whywaita
PRO
0
300
KubeCon + CloudNativeCon Japan 2025 Recap Opening & Choose Your Own Adventureシリーズまとめ
Avatar for mm-matsuda mmmatsuda
0
240
Model Mondays S2E03: SLMs & Reasoning
Avatar for Nitya Narasimhan, PhD nitya
0
240
ビギナーであり続ける/beginning
Avatar for 小田中育生 ikuodanaka
3
510
ビズリーチが挑む メトリクスを活用した技術的負債の解消 / dev-productivity-con2025
Avatar for Visional Engineering & Design visional_engineering_and_design
1
2.1k

Featured

See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3.1k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
72
4.9k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
299
21k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
42
7.6k
Done Done
Avatar for chrislema chrislema
184
16k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
28
5.4k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
53
2.8k

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)