There Is No Silver Bullet
Harley Watson
November 29, 2014
Transcript
there is no silver bullet Henri Watson
Which vulnerabilities commonly affect web applications in the Dominican Republic?
No HTTPS
Using HTTPS won't cost you an arm and a leg.
The current proposal for HTTP/2.0 requires TLS.
If you decide to use HTTPS, also use Strict-Transport-Security and ssllabs.com/ssltest
SQL Injections
Request from the client to the server:
GET /tracker?order=12345"; DROP TABLE orders;--
Request from the webserver to the database:
SELECT * FROM orders WHERE order = "12345"; DROP TABLE orders;--" AND status = "pending"
Authentication Implementation Mistakes
Cross-Site Scripting (XSS)
Request from the client to the server:
GET /hi?name=<script src="http://evil.example/l33thax.js"></script>
Reply from the server to the client:
Hello, <script src="http://evil.example/l33thax.js"></script>!
Content-Security-Policy
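The SQL injection and XSS slides above both show the same root cause: a client-supplied value glued into a string that another component (the database, the browser) then parses. This added example is not part of the talk; it puts that string-gluing pattern beside the two standard fixes, a parameterised query and HTML output encoding, using the exact inputs from the slides. The orders table and its rows are constructed sample data.

```python
import html
import sqlite3

# Constructed sample data (not from the talk): an in-memory "orders" table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (order_no TEXT, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)",
                     [("12345", "pending"), ("12346", "shipped")])
    return conn

def build_query_unsafe(order):
    # The pattern on the SQL injection slide: the query text is assembled from
    # the client value, so a quote in the value becomes SQL syntax.
    return 'SELECT * FROM orders WHERE order_no = "%s" AND status = "pending"' % order

def lookup_safe(conn, order):
    # Parameterised query: the value is bound separately from the SQL text,
    # so it can never close the literal or append a second statement.
    return conn.execute(
        "SELECT order_no, status FROM orders WHERE order_no = ? AND status = 'pending'",
        (order,),
    ).fetchall()

def greet_unsafe(name):
    # The pattern on the XSS slide: the parameter is reflected verbatim into HTML.
    return "Hello, %s!" % name

def greet_safe(name):
    # Output encoding: <, >, &, and quotes become entities, so the browser
    # displays the text instead of parsing it as markup.
    return "Hello, %s!" % html.escape(name, quote=True)

# The two inputs shown on the slides.
SQLI_INPUT = '12345"; DROP TABLE orders;--'
XSS_INPUT = '<script src="http://evil.example/l33thax.js"></script>'

if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe(SQLI_INPUT))   # the corrupted statement from the slide
    print(lookup_safe(db, SQLI_INPUT))      # [] : the payload is merely an unknown order number
    print(lookup_safe(db, "12345"))         # [('12345', 'pending')]
    print(greet_unsafe(XSS_INPUT))          # the reply from the slide
    print(greet_safe(XSS_INPUT))            # the same text, rendered inert
```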
Exposure of Sensitive Data
Using Components With Known Vulnerabilities
Mailing Lists
• bugtraq http://www.securityfocus.com/archive/1
• debian-security-announce https://lists.debian.org/debian-security-announce/
• fulldisclosure http://nmap.org/mailman/listinfo/fulldisclosure
• [email protected] https://httpd.apache.org/lists.html#http-announce
• nginx-announce http://mailman.nginx.org/mailman/listinfo/nginx-announce
• php-announce http://php.net/mailing-lists.php
Customer Service
Why is there no “silver bullet”?
Information security is a constant investment.
Heartbleed
By placing your users' information at risk, you also risk ruining your company's reputation.
Thanks! @henriwatson
[email protected]
https://henriwatson.com/talks/silverbullet