Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security design in web applications
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Jester
April 16, 2016
Technology
250
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Security design in web applications
This is about Inner and Outer security in Web application
Jester
April 16, 2016
More Decks by Jester
See All by Jester
Ruby Chat Bots: Work and Fun together
jesterovskiy
0
68
Epic API Fight
jesterovskiy
0
100
Other Decks in Technology
See All in Technology
ヘルスケア領域における AI 活用と その安全性担保のための取り組み (Leveraging AI in Healthcare and Our Efforts to Ensure Its Safety) - Google I/O Extended Tokyo 2026, July 11, 2026
zettaittenani
0
230
“全部コピーしない”ファイルデータの活用 : — FSx for ONTAP × S3 Tables × Icebergで作るメタデータカタログ
yoshiki0705
0
630
AIDLC_ヤフーショッピングの取り組み
lycorptech_jp
PRO
0
580
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
12
1.9k
証券システムを10年Scalaで作り続けるということ - 関数型まつり2026
krrrr38
3
800
Mastraエージェント、どのクラウドにデプロイする?
minorun365
PRO
2
180
プライバシー保護の理論と実践
lycorptech_jp
PRO
1
250
AI Agent SaaS を支える自社仮想化基盤への挑戦と実運用 / ai-agent-saas-virtualization
flatt_security
2
3.4k
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
390
小さいから、全部わかる。— 常駐AI "xangi" のすすめ
sugupoko
0
280
スタートアップにおけるアジャイルの実践について #shibuyagile
murabayashi
3
2.1k
プロダクトだけじゃない、社内プロセスにおける自動化・省力化ノススメ
kakehashi
PRO
1
3.2k
Featured
See All Featured
Building an army of robots
kneath
306
46k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
340
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.2k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
6k
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
2
600
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
590
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
3
180
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.8k
Between Models and Reality
mayunak
4
370
Building AI with AI
inesmontani
PRO
1
1.1k
Transcript
Security design in web applications
Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy
“software has been designed from the ground up to be
secure” C.O. Secure by design
Outer Security Inner Security
Ideal Situation Real Life
None
None
None
User Outer Connection Application DB
User
Linux/OSX Firewall Secure PC White noise generator Ideal
Keep password in mind or use pass saver Make password
strong Change password each period of time Real Keep additional data (DOB, phone)
Connection
Cable VPN … Ideal
SSL SSL updates SRP protocol Real …
Application
Pure HTML Static pages … Ideal
CDN Authentification Authorization Real CRF, XSS
DB
Encryption Tape Drive backup Backup? … Ideal
Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)
Inner Application
Storing API keys in ENV variables Access rights CI Real
Prod, Staging, Testing instances
Test coverage Verify SSL security Real Check libs source code
simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem
Make logs simply accessible Security headers Styleguide Real secureheaders gem
rubocop gem Security Policy
Thank You is hiring =)