Slide 1

Slide 1 text

10 tips for a stable webshop By Thijs Feryn

Slide 2

Slide 2 text

Hi, I’m Thijs

Slide 3

Slide 3 text

I’m @ThijsFeryn on Twitter

Slide 4

Slide 4 text

I’m an Evangelist At

Slide 6

Slide 6 text

10 tips

Slide 7

Slide 7 text

ONE

Slide 8

Slide 8 text

Own your own domain

Slide 10

Slide 10 text

TWO

Slide 11

Slide 11 text

Anti-DDoS measures

Slide 12

Slide 12 text

DDoS
✓ Volume-based
✓ Botnets
✓ Traditional UDP flood
✓ (DNS) amplification & reflection attacks
✓ Slowloris
✓ Targeted attacks

Slide 13

Slide 13 text

Anti-DDoS
✓ Web Application Firewall
✓ CDN (+DNS offloading)
✓ Flow monitoring + BGP routing
✓ NAWAS

Slide 14

Slide 14 text

THREE

Slide 15

Slide 15 text

SSL all the way

Slide 16

Slide 16 text

Encryption & trust

Slide 17

Slide 17 text

SSL
✓ Domain Validation
✓ Organization Validation
✓ Extended Validation
✓ Let's Encrypt

Slide 19

Slide 19 text

FOUR

Slide 20

Slide 20 text

Protect sensitive data

Slide 21

Slide 21 text

Protect sensitive data
✓ Hash passwords
✓ Encrypt super-sensitive data
✓ Restricted database access
✓ GDPR
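
Worked example for the "hash passwords" item, added here and not taken from the slides: per-user salted scrypt records, constant-time verification, and upgrading legacy unsalted MD5 records at login time, which is how an older shop database gets migrated without a password reset. Standard library only. The record format "scrypt$N$r$p$salt$key" and the "md5$<hex>" legacy record are assumptions made for this example.

```python
"""Password storage for a webshop: salted scrypt hashes, constant-time
verification and transparent upgrade of legacy hashes at login time.

Added example, not code from the slides. Standard library only. The
record format "scrypt$N$r$p$salt$key" and the legacy "md5$<hex>"
record are assumptions made for this example."""
import base64
import hashlib
import hmac
import os

# Work factors. N=2**14, r=8, p=1 uses 16 MiB per hash; raise N as hardware allows.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES, KEY_BYTES = 16, 32


def hash_password(password, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Return a self-describing record with a fresh random salt per password."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=KEY_BYTES)
    return "$".join(["scrypt", str(n), str(r), str(p),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(key).decode("ascii")])


def verify_password(password, record):
    """Recompute with the parameters stored in the record; compare in constant time."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False
    n, r, p = (int(x) for x in parts[1:4])
    salt, expected = base64.b64decode(parts[4]), base64.b64decode(parts[5])
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=len(expected))
    return hmac.compare_digest(key, expected)


def needs_rehash(record):
    """True for legacy schemes or records made with weaker parameters than today's."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return True
    n, r, p = (int(x) for x in parts[1:4])
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P


def check_login(password, record):
    """Verify a login against a modern or legacy record.

    Returns (ok, new_record): new_record is a fresh scrypt record to write
    back to the database when the old one should be upgraded, else None.
    """
    scheme, _, rest = record.partition("$")
    if scheme == "scrypt":
        ok = verify_password(password, record)
    elif scheme == "md5":  # legacy unsalted MD5 as found in old shop databases
        ok = hmac.compare_digest(hashlib.md5(password.encode("utf-8")).hexdigest(), rest)
    else:
        ok = False
    if ok and needs_rehash(record):
        return True, hash_password(password)
    return ok, None


# Constructed legacy record for the walk-through (password "hunter2").
LEGACY_RECORD = "md5$" + hashlib.md5(b"hunter2").hexdigest()
```

The parameters travel inside the record, so raising N later only requires bumping the constants: old records keep verifying, and needs_rehash flags them for replacement the next time the user logs in.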

Slide 22

Slide 22 text

FIVE

Slide 23

Slide 23 text

Install updates, patch your code

Slide 24

Slide 24 text

Install updates
✓ OS & distribution
✓ Application stack
✓ Your code
✓ CMS, frameworks & libraries

Slide 25

Slide 25 text

In case you forget
✓ Web application firewall with 0-day rule updates
✓ Patchman, maldet

Slide 26

Slide 26 text

Prevent & cure

Slide 27

Slide 27 text

SIX

Slide 28

Slide 28 text

Scale: up & out

Slide 29

Slide 29 text

Scale
✓ Scale up: more resources
✓ Scale out: more servers
✓ Server per role
✓ Multiple servers per role
✓ Load balancing
✓ Clustering

Slide 30

Slide 30 text

Scale: in e-commerce
✓ Multiple webservers
✓ Separate admin backend
✓ Replicated databases
✓ Caching servers
✓ Logging & indexing servers

Slide 31

Slide 31 text

SEVEN

Slide 32

Slide 32 text

Caching

Slide 33

Slide 33 text

Don’t recompute if the data hasn’t changed

Slide 34

Slide 34 text

Caching
✓ Redis or Memcached as internal cache
✓ Varnish as page cache
✓ CDN for media
✓ User profile, checkout, … cannot be cached
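
Worked example for the "cannot be cached" item, added here and not part of the slides or of Varnish: the admission rule a page cache's vcl_recv would apply, written in Python so it can be run. Checkout, customer and admin paths and anything carrying a session cookie or Authorization header go straight to the backend; analytics cookies are stripped so they cannot fragment the cache; static media is cached regardless of cookies. The path prefixes and cookie names (PHPSESSID as the session cookie) are assumptions for a typical PHP shop.

```python
"""Which requests may a page cache serve? A vcl_recv-style admission
policy for a webshop, written in Python so it can be run and tested.

Added example, not from the slides and not Varnish's own VCL. The path
prefixes, cookie names and header names are assumptions for a typical
PHP shop (e.g. PHPSESSID as the session cookie)."""

# Stateful areas: always go to the backend ("pass" in Varnish terms).
UNCACHEABLE_PREFIXES = ("/checkout", "/customer", "/cart", "/admin")
# Static media: cookies are irrelevant, always cacheable.
STATIC_PREFIXES = ("/media/", "/static/")
# Analytics cookies that vary per visitor but never change the HTML.
NOISE_COOKIE_PREFIXES = ("_ga", "_gid", "_gat", "__utm", "_fbp")
SESSION_COOKIE = "PHPSESSID"


def split_cookies(header):
    """Parse 'a=1; b=2' into a dict; tolerant of stray separators."""
    cookies = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def join_cookies(cookies):
    return "; ".join(f"{k}={v}" for k, v in cookies.items())


def cache_decision(method, path, headers):
    """Return ("hash" | "pass", normalised request headers).

    "hash" means the request is safe to look up in / store to the cache;
    "pass" means it carries user state and must reach the backend untouched.
    """
    headers = dict(headers)
    if method not in ("GET", "HEAD"):
        return "pass", headers                   # writes are never cacheable
    if "Authorization" in headers:
        return "pass", headers                   # credentialed request
    if path.startswith(UNCACHEABLE_PREFIXES):
        return "pass", headers                   # checkout, account, admin
    cookie_header = headers.pop("Cookie", "")
    if path.startswith(STATIC_PREFIXES):
        return "hash", headers                   # strip every cookie for assets
    cookies = {k: v for k, v in split_cookies(cookie_header).items()
               if not k.startswith(NOISE_COOKIE_PREFIXES)}
    if SESSION_COOKIE in cookies:
        headers["Cookie"] = join_cookies(cookies)
        return "pass", headers                   # logged-in or basket: personalised
    if cookies:
        # Remaining cookies (e.g. currency=EUR) legitimately vary the page:
        # keep them so the cache can include them in the hash key.
        headers["Cookie"] = join_cookies(cookies)
    return "hash", headers
```

The cookie stripping is the part most shops get wrong: a Google Analytics cookie on every visitor turns a 90% hit rate into near zero unless it is removed before the cache key is computed.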

Slide 35

Slide 35 text

EIGHT

Slide 36

Slide 36 text

Optimize your images

Slide 37

Slide 37 text

Optimize your images
✓ Compress & optimize for web
✓ Inline images
✓ SVG data
✓ Optimize for connection & resolution

Slide 38

Slide 38 text

NINE

Slide 39

Slide 39 text

Deployments
Automated & safe

Slide 40

Slide 40 text

Automated & safe deployments
✓ Version control (Git, SVN)
✓ Build server
✓ Automated tests
✓ SSH-based (SFTP, SCP, Rsync)
✓ Post-deploy tasks
✓ Atomic version switch
✓ Rollback
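
Worked example for the "atomic version switch" and "rollback" items, added here and not the author's deploy tooling: each build is uploaded into its own releases/<id> directory, a smoke test runs against the new tree, and only then is the `current` symlink repointed with one rename, so a visitor sees either the old or the new release and never a half-copied tree. It assumes a Capistrano-style layout (root/releases/<id>, root/current), lexically sortable release ids such as 20240102100000, and a POSIX filesystem where rename(2) over a symlink is atomic.

```python
"""Atomic version switch and rollback for a webshop deploy. Every build
lands in releases/<timestamp>; the web root is the symlink `current`,
which is repointed with a single rename so no request ever sees a
half-copied tree.

Added example, not the author's deploy tooling. It assumes a
Capistrano-style layout (root/releases/<id>, root/current) with
lexically sortable release ids such as 20240102100000, and a POSIX
filesystem where rename(2) over a symlink is atomic."""
import os
import tempfile
from pathlib import Path


def list_releases(root):
    return sorted(p.name for p in (root / "releases").iterdir() if p.is_dir())


def current_release(root):
    link = root / "current"
    return Path(os.readlink(link)).name if link.is_symlink() else None


def activate(root, release):
    """Repoint root/current at releases/<release> atomically; return the previous release."""
    if not (root / "releases" / release).is_dir():
        raise FileNotFoundError(f"release {release} does not exist")
    previous = current_release(root)
    tmp = root / f"current.tmp.{os.getpid()}"
    if tmp.is_symlink():
        tmp.unlink()
    os.symlink(os.path.join("releases", release), tmp)  # relative target: survives root moves
    os.replace(tmp, root / "current")                   # one rename: old or new, never neither
    return previous


def deploy(root, release, smoke_test=None):
    """Check the new tree first (config present, app boots, ...); switch only if it passes."""
    if smoke_test is not None:
        smoke_test(root / "releases" / release)  # any exception aborts before the switch
    return activate(root, release)


def rollback(root):
    """Switch back to the newest release older than the current one."""
    current = current_release(root)
    older = [r for r in list_releases(root) if current is None or r < current]
    if not older:
        raise RuntimeError("nothing to roll back to")
    activate(root, older[-1])
    return older[-1]


def demo():
    """Constructed walk-through in a temp dir; returns the sequence of active releases."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        trace = []
        for name in ("20240101100000", "20240102100000"):
            (root / "releases" / name).mkdir(parents=True)
            (root / "releases" / name / "index.php").write_text(f"<?php // build {name}\n")
        deploy(root, "20240101100000")
        trace.append(current_release(root))
        boots = lambda d: (d / "index.php").read_text()   # stand-in for a real smoke test
        deploy(root, "20240102100000", smoke_test=boots)
        trace.append(current_release(root))
        (root / "releases" / "20240103100000").mkdir()       # broken build: no index.php
        try:
            deploy(root, "20240103100000", smoke_test=boots)
        except FileNotFoundError:
            trace.append("refused:" + current_release(root))  # still on the good release
        trace.append(rollback(root))
        trace.append(current_release(root))
        return trace


if __name__ == "__main__":
    print(demo())
```

Post-deploy tasks that must see the new code (opcache reset, cache warm-up) run after activate(); anything that can fail belongs in the smoke test before it, because a failed switch is then simply a switch that never happened.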

Slide 41

Slide 41 text

TEN

Slide 42

Slide 42 text

What kind of …

Slide 44

Slide 44 text

What kind of hosting?
✓ Shared
✓ Dedicated
✓ Managed Cloud
✓ Colocation
✓ SaaS
✓ PaaS
✓ IaaS
