Security design in web applications

Jester
April 16, 2016


This is about Inner and Outer security in Web application


Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be secure” C.O. Secure by design
  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None
  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password strong Change password each period of time Real Keep additional data (DOB, phone)
  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentication Authorization Real CSRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real Prod, Staging, Testing instances
  24. Test coverage Verify SSL security Real Check libs source code simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem
  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem rubocop gem Security Policy
  26. Thank You is hiring =)
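Slide 21 lists bcrypt/scrypt with a per-user salt as the realistic way to store passwords in the DB. The following is an added example, not part of the deck: it stores a password as a salted scrypt record and verifies it in constant time, using scrypt via Ruby's bundled OpenSSL::KDF (the bcrypt gem is not standard library). The record format, parameters and function names are this example's own choices.

```ruby
require 'openssl'
require 'securerandom'

# Cost parameters chosen for this example (tune N upward for production).
SCRYPT_PARAMS = { N: 2**14, r: 8, p: 1, length: 32 }.freeze

# Derive a storable record: "scrypt$N$r$p$salt_hex$hash_hex".
# A fresh random salt per user means equal passwords never produce
# equal records, so a leaked table cannot be attacked with one rainbow table.
def hash_password(password, params: SCRYPT_PARAMS, salt: SecureRandom.random_bytes(16))
  digest = OpenSSL::KDF.scrypt(password, salt: salt, **params)
  ['scrypt', params[:N], params[:r], params[:p],
   salt.unpack1('H*'), digest.unpack1('H*')].join('$')
end

# Constant-time comparison: the loop always runs over every byte, so a
# mismatch leaks no timing information about how many leading bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Re-derive with the parameters stored in the record itself, so records
# written with older cost settings still verify and can then be upgraded.
def verify_password(password, record)
  scheme, n, r, p, salt_hex, hash_hex = record.split('$')
  return false unless scheme == 'scrypt' && hash_hex
  salt = [salt_hex].pack('H*')
  expected = [hash_hex].pack('H*')
  actual = OpenSSL::KDF.scrypt(password, salt: salt, N: n.to_i, r: r.to_i,
                               p: p.to_i, length: expected.bytesize)
  secure_equal?(actual, expected)
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password('correct horse battery staple')   # constructed sample
  puts record
  puts verify_password('correct horse battery staple', record)  # true
  puts verify_password('wrong password', record)                # false
end
```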