Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security design in web applications

Eda1654eec376ad5a305a3c6b47275e8?s=47 Jester
April 16, 2016
Technology
0
63

Security design in web applications

This is about Inner and Outer security in Web application

Eda1654eec376ad5a305a3c6b47275e8?s=128

Jester

April 16, 2016
Tweet

More Decks by Jester

See All by Jester
Eda1654eec376ad5a305a3c6b47275e8?s=48 jesterovskiy
0
43
Eda1654eec376ad5a305a3c6b47275e8?s=48 jesterovskiy
0
69

Other Decks in Technology

See All in Technology
8bc2f1f5bfb8ed1f79492bfa7da6ddb1?s=48 hichikawa1126
0
140
9c551bfc52665c832b89e2748e33cf60?s=48 hitomi___kt
1
240
3f848c0c0b9a6603894e157da93e4655?s=48 sadayoshitada0919
0
1.1k
E53046bb9794560f541fcf2cf0b9d526?s=48 sayokomiura
0
270
7e20183342a040a32924a41343603286?s=48 konabuta
1
350
8ca67ac59d908cf23431095fc2cacb09?s=48 sada913
0
190
2b0404a5db1a74f01bf3bf94d142e28c?s=48 alexzhukovich
0
100
7817a37f86a649081722e52270d2ba75?s=48 line_recruiting
0
120
4e7f712e4bba241f579d3dc0eaf130d4?s=48 mito201
0
340
Dce5df1d6cddfca0b3823ebaee7b6864?s=48 harunakanishi
0
210
Fb69af32a1d6d3ea3bc002b7718a7166?s=48 tomotaka_yamasaki
1
680
97b3cca999b52cb5296675ac0a5c12cd?s=48 emiki
1
120

Featured

See All Featured
Ba530e786553390f3fb271848485681c?s=48 3n
167
22k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
38
1.3k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
170
7.5k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
189
14k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
304
32k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
273
32k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
24
4k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
55
4.6k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
263
11k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
195
9k
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
777
200k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
90
8.8k

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)