Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security design in web applications

Eda1654eec376ad5a305a3c6b47275e8?s=47 Jester
April 16, 2016
Technology
0
77

Security design in web applications

This is about Inner and Outer security in Web application

Eda1654eec376ad5a305a3c6b47275e8?s=128

Jester

April 16, 2016
Tweet

More Decks by Jester

See All by Jester
Eda1654eec376ad5a305a3c6b47275e8?s=48 jesterovskiy
0
43
Eda1654eec376ad5a305a3c6b47275e8?s=48 jesterovskiy
0
70

Other Decks in Technology

See All in Technology
Da5a59469ce3ebb55619ce34f85f8c4f?s=48 syarihu
0
120
76df086a2bef4b357cf29acb07959cce?s=48 m_coder
2
350
3318abf64ba11ee70d4f5dee62051801?s=48 tagucch
0
150
9955f1755a5ae81bc294db7291e56af2?s=48 cmnakahara
0
360
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
0
530
2c0947c6a28e7f771ebd9859ecf54e5c?s=48 shinyorke
3
1.7k
B1cc148711c6a37a5c922b6e72a4ad52?s=48 upura
5
4.5k
Cb88f765dd38cd942c39aacb5abbea06?s=48 ufoo68
0
130
0f162107f1b716c9fa62d6071eb8b995?s=48 mugi_uno
3
1k
49f49940f0831a426745c028684bcdad?s=48 hatena
0
2.8k
6f7b7931d8ce4dc1349767c8b086f355?s=48 keio_smilab
PRO
0
140
5decf7f10129094643082b24a97a89ad?s=48 nalpan
0
370

Featured

See All Featured
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
57
9.6k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
36k
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
78
270k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
152
6.9k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.7k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k
32de0bd2ba869609d26fd052a4622778?s=48 cromwellryan
107
6.5k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
56
5.6k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
120
11k
A9704266587836f7e784235e5073b93e?s=48 jmmastey
20
5.1k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
277
17k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
35
3.8k

Transcript

  1. Security design in web applications

  2. Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy

  3. “software has been designed from the ground up to be

    secure” C.O. Secure by design

  4. Outer Security Inner Security

  5. Ideal Situation Real Life

  6. None
  7. None
  8. None

  9. User Outer Connection Application DB

  10. User

  11. Linux/OSX Firewall Secure PC White noise generator Ideal

  12. Keep password in mind or use pass saver Make password

    strong Change password each period of time Real Keep additional data (DOB, phone)

  13. Connection

  14. Cable VPN … Ideal

  15. SSL SSL updates SRP protocol Real …

  16. Application

  17. Pure HTML Static pages … Ideal

  18. CDN Authentification Authorization Real CRF, XSS

  19. DB

  20. Encryption Tape Drive backup Backup? … Ideal

  21. Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)

  22. Inner Application

  23. Storing API keys in ENV variables Access rights CI Real

    Prod, Staging, Testing instances

  24. Test coverage Verify SSL security Real Check libs source code

    simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem

  25. Make logs simply accessible Security headers Styleguide Real secureheaders gem

    rubocop gem Security Policy

  26. Thank You is hiring =)