Upgrade to Pro — share decks privately, control downloads, hide ads and more …

There Is No Silver Bullet

Harley Watson
November 29, 2014
Programming
0
780

There Is No Silver Bullet

Harley Watson

November 29, 2014
Tweet

More Decks by Harley Watson

See All by Harley Watson
paper tickets > smartcards, probably.
unlobito
0
7.2k
one, two step
unlobito
0
650
What's in your pocket? (BSides Manchester)
unlobito
0
830
sorry, we're cash only. (securi-tay)
unlobito
1
960
Sorry, we're cash only. (hacksoc)
unlobito
0
98
There Is No Silver Bullet (Español)
unlobito
0
130

Other Decks in Programming

See All in Programming
あなたのアプリ、ログはでてますか?あるいはログをだしてますか? (Funabashi.dev用 軽量版)
uzulla
2
130
LangChainでWebサイトの内容取得やGitHubソースコード取得
shukob
0
160
Amazon BedrockでサーバレスなAIお料理ボットを作成する!!
tosuri13
0
230
Pythonで改めて考える「クラス(class)」の使いどころ
os1ma
8
2.3k
私のEbitengineの第一歩
qt_luigi
0
450
Patched fetch did not work
quramy
4
420
Understand the mechanism! Let's do screenshots tests of Compose Previews with various variations / 仕組みから理解する!Composeプレビューを様々なバリエーションでスクリーンショットテストしよう
sumio
3
880
Hermes: Better Performance with Bytecode Translation (React Universe 2024)
tmikov2023
0
110
Beyond the RuboCop Defaults
koic
0
110
Jakarta EE meets AI
ivargrimstad
1
560
GoのIteratorに詳しくなってしまう
inatonix
1
210
[DroidKaigi 2024] Android ViewからJetpack Composeへ 〜Jetpack Compose移行のすゝめ〜 / From Android View to Jetpack Compose: A Guide to Migration
syarihu
1
690

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
230
130k
Design by the Numbers
sachag
277
19k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
Build The Right Thing And Hit Your Dates
maggiecrowley
30
2.3k
Fontdeck: Realign not Redesign
paulrobertlloyd
80
5.1k
BBQ
matthewcrist
83
9.2k
Typedesign – Prime Four
hannesfritz
39
2.3k
Done Done
chrislema
180
16k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Adopting Sorbet at Scale
ufuk
73
8.9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
653
58k
Music & Morning Musume
bryan
46
6k

Transcript

  1. there is no silver bullet Henri Watson

  2. Which  vulnerabili.es  commonly   affect  web  applica.ons  in  the  

    Dominican  Republic?  

  3. No  HTTPS  

  4. Using  HTTPS  won’t  cost  you   an  arm  and  a

     leg.  

  5. The  current  proposal  for   HTTP/2.0  requires  TLS.  

  6. If  you  decide  to  use  HTTPS,   also  use  Strict-­‐Transport-­‐Security

      and  ssllabs.com/ssltest  

  7. SQL  Injec.ons  

  8. GET  /tracker?order=12345”;   DROP  TABLE  orders;-­‐-­‐   SELECT  *  FROM

     orders  WHERE  order  =  “12345”;   DROP  TABLE  orders;-­‐-­‐”  AND  status  =  “pending”   Request  from   the  client  to  the  server   Request  from  the   webserver  to  the  database  
  9. None
  10. None
  11. None

  12. Authen.ca.on  Implementa.on   Mistakes  

  13. None
  14. None

  15. Cross-­‐Site  Scrip.ng  (XSS)  

  16. GET  /hi?name=<script  src=“hep://evil.example/ l33thax.js”></script>   Hello,  <script  src=“hep://evil.example/ l33thax.js”></script>!  

    Request  from   the  client  to  the  server   Reply  from   the  server  to  the  client  

  17. Content-­‐Security-­‐Policy  

  18. Exposure  of  Sensi.ve  Data  

  19. None

  20. Using  Components  With   Known  Vulnerabili.es  

  21. Mailing  Lists   •  bugtraq   hep://www.securityfocus.com/archive/1   •  debian-­‐security-­‐announce

      heps://lists.debian.org/debian-­‐security-­‐announce/   •  fulldisclosure   hep://nmap.org/mailman/lis.nfo/fulldisclosure  

  22. Mailing  Lists   •  [email protected]   heps://hepd.apache.org/lists.html#hep-­‐announce   •  nginx-­‐announce

      hep://mailman.nginx.org/mailman/lis.nfo/nginx-­‐ announce   •  php-­‐announce   hep://php.net/mailing-­‐lists.php  
  23. None

  24. Customer  Service  

  25. None

  26. Why  is  there  no  “silver  bullet”?  

  27. Informa.on  security  is  a  constant   investment.  

  28. Heartbleed  

  29. By  placing  your  users’  informa.on  at   risk,  you  also

     risk  ruining  your   company’s  reputa.on.  

  30. Thanks!   @henriwatson   [email protected]     heps://henriwatson.com/talks/silverbullet