Security design in web applications
Jester
April 16, 2016
Technology
This is about inner and outer security in web applications.
Transcript
Security design in web applications
Aleksey Dashkevych, RubyDev/SysAdmin. Twitter: dash_as, Facebook: aleksey.dashkevich, GitHub: jesterovskiy

“software has been designed from the ground up to be secure” (C.O. Secure by design)

Outer Security vs. Inner Security

Ideal Situation vs. Real Life
Outer security chain: User -> Connection -> Application -> DB

User
  Ideal: Linux/OSX, Firewall, Secure PC, White noise generator
  Real: Keep password in mind or use a password saver; Make password strong; Change password periodically; Keep additional data (DOB, phone)

Connection
  Ideal: Cable, VPN, …
  Real: SSL, SSL updates, SRP protocol, …

Application
  Ideal: Pure HTML, Static pages, …
  Real: CDN, Authentication, Authorization, CSRF, XSS

DB
  Ideal: Encryption, Tape Drive backup, Backup?, …
  Real: Backup!, Access rights, bcrypt/scrypt, Salt + Verifier (SRP protocol)
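
The "Salt + Verifier (SRP protocol)" item means the database stores only a salt and a verifier derived from the password, so a DB leak exposes neither the password nor anything a server could replay as a client. The following is an added example, not from the deck, of SRP-6a registration and a login key agreement in plain Ruby with OpenSSL::BN; it assumes a constructed demo-size 256-bit safe prime generated at load time instead of a fixed RFC 5054 group, and hashes decimal strings instead of the RFC's padded byte encoding.

```ruby
require 'openssl'

# Demo-size group (constructed): a 256-bit safe prime generated at load time.
# Real deployments use a fixed, published group such as those in RFC 5054.
# For a safe prime N = 2q + 1, g = 2 generates a large subgroup.
SRP_N = OpenSSL::BN.generate_prime(256, true)
SRP_G = OpenSSL::BN.new(2)

# H(...): SHA-256 over the decimal encodings, returned as a big number.
# Simplified for the demo; the RFC hashes fixed-width padded byte strings.
def srp_hash(*parts)
  OpenSSL::BN.new(OpenSSL::Digest::SHA256.hexdigest(parts.map(&:to_s).join(':')), 16)
end

SRP_K = srp_hash(SRP_N, SRP_G) # SRP-6a multiplier k = H(N, g)

# Registration (client side): derive x from salt and password, send only
# (salt, verifier). The server never sees the password and cannot recover it.
def srp_register(username, password)
  salt = OpenSSL::BN.rand(128).to_s(16)
  x = srp_hash(salt, srp_hash(username, password))
  { salt: salt, verifier: SRP_G.mod_exp(x, SRP_N) }
end

# Login, client step 1: ephemeral private a and public A = g^a mod N.
def srp_client_start
  a = OpenSSL::BN.rand(256)
  [a, SRP_G.mod_exp(a, SRP_N)]
end

# Login, server step: B = k*v + g^b mod N and the session key from the verifier.
def srp_server_respond(record, a_pub)
  raise 'invalid client public value' if (a_pub % SRP_N).zero? # SRP-6a check
  b = OpenSSL::BN.rand(256)
  b_pub = (SRP_K * record[:verifier] + SRP_G.mod_exp(b, SRP_N)) % SRP_N
  u = srp_hash(a_pub, b_pub)
  s = (a_pub * record[:verifier].mod_exp(u, SRP_N)).mod_exp(b, SRP_N)
  [b_pub, srp_hash(s)]
end

# Login, client step 2: recompute the key from the password; it equals the
# server's key only if this password produces the stored verifier.
def srp_client_finish(username, password, salt, a, a_pub, b_pub)
  raise 'invalid server public value' if (b_pub % SRP_N).zero?
  x = srp_hash(salt, srp_hash(username, password))
  u = srp_hash(a_pub, b_pub)
  kgx = (SRP_K * SRP_G.mod_exp(x, SRP_N)) % SRP_N
  base = (b_pub + SRP_N - kgx) % SRP_N # B - k*g^x, kept non-negative
  srp_hash(base.mod_exp(a + u * x, SRP_N))
end
```

Both sides arrive at g^(b(a+ux)) mod N, so the keys match without the password ever crossing the wire or being stored.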
Inner Security

Application
  Real: Storing API keys in ENV variables; Access rights; CI; Prod, Staging, Testing instances
  Real: Test coverage (simplecov gem); Verify SSL security (SSLLabs, DigiCert SSL); Check libs source code; Mutation testing (mutant gem)
  Real: Make logs simply accessible; Security headers (secureheaders gem); Styleguide (rubocop gem); Security Policy
Thank You is hiring =)