Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security design in web applications
Search
Jester
April 16, 2016
Technology
0
210
Security design in web applications
This is about Inner and Outer security in Web application
Jester
April 16, 2016
Tweet
Share
More Decks by Jester
See All by Jester
Ruby Chat Bots: Work and Fun together
jesterovskiy
0
57
Epic API Fight
jesterovskiy
0
87
Other Decks in Technology
See All in Technology
Delegating the chores of authenticating users to Keycloak
ahus1
0
130
Understanding_Thread_Tuning_for_Inference_Servers_of_Deep_Models.pdf
lycorptech_jp
PRO
0
160
ドメイン特化なCLIPモデルとデータセットの紹介
tattaka
2
570
タイミーのデータモデリング事例と今後のチャレンジ
ttccddtoki
6
2.3k
OPENLOGI Company Profile
hr01
0
67k
mrubyと micro-ROSが繋ぐロボットの世界
kishima
3
410
マネジメントって難しい、けどおもしろい / Management is tough, but fun! #em_findy
ar_tama
5
700
United Airlines Customer Service– Call 1-833-341-3142 Now!
airhelp
0
160
KubeCon + CloudNativeCon Japan 2025 Recap
ren510dev
1
360
20250707-AI活用の個人差を埋めるチームづくり
shnjtk
3
3.2k
How Community Opened Global Doors
hiroramos4
PRO
1
140
Zephyr RTOSを使った開発コンペに参加した件
iotengineer22
1
190
Featured
See All Featured
The Cult of Friendly URLs
andyhume
79
6.5k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Docker and Python
trallard
44
3.5k
Visualization
eitanlees
146
16k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.5k
A designer walks into a library…
pauljervisheath
207
24k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.4k
Designing for Performance
lara
610
69k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Writing Fast Ruby
sferik
628
62k
Transcript
Security design in web applications
Aleksey Dashkevych RubyDev/SysAdmin twitter://dash_as facebook://aleksey.dashkevich github://jesterovskiy
“software has been designed from the ground up to be
secure” C.O. Secure by design
Outer Security Inner Security
Ideal Situation Real Life
None
None
None
User Outer Connection Application DB
User
Linux/OSX Firewall Secure PC White noise generator Ideal
Keep password in mind or use pass saver Make password
strong Change password each period of time Real Keep additional data (DOB, phone)
Connection
Cable VPN … Ideal
SSL SSL updates SRP protocol Real …
Application
Pure HTML Static pages … Ideal
CDN Authentification Authorization Real CRF, XSS
DB
Encryption Tape Drive backup Backup? … Ideal
Backup! Access rights bcrypt/scrypt Real Salt + Verifier (SRP protocol)
Inner Application
Storing API keys in ENV variables Access rights CI Real
Prod, Staging, Testing instances
Test coverage Verify SSL security Real Check libs source code
simplecov gem SSLLabs, DigiCert SSL Mutation testing mutant gem
Make logs simply accessible Security headers Styleguide Real secureheaders gem
rubocop gem Security Policy
Thank You is hiring =)