ENTERPRISE NODE
SECURING YOUR ENVIRONMENT
ABOUT ME
Tech Lead @ MLS
Medium: @kurtiskemple
Twitter: @kurtiskemple
GitHub: @kkemple
REPO FOR THIS WEBINAR
KKEMPLE/AWESOME-ENTERPRISE-WEB-SERVICE
WHY IS SECURING YOUR ENVIRONMENT IMPORTANT?
BENEFITS
• Protects your company from potential threats
• Improves confidence in code and systems
• Helps you meet legal/organizational regulations
SECURING YOUR RUNTIME
NODE LTS VERSIONS
• Official Node.js long term support versions
• Offers a solid foundation to build apps on (No breaking changes)
• Provides a maintenance window in which only critical bug fixes and security fixes are permitted commits
N | SOLID - ENTERPRISE RUNTIME
• Enables deep performance insights (one click flame graphs)
• CLI enabled for easy CI/CD integration and automatic control
• Advanced console for analyzing your entire Node.js infrastructure
• Alerting through threshold monitoring
N | SOLID OVERVIEW
N | SOLID PERFORMANCE FLAME GRAPH
CONTAINERIZATION
• Boxes up your application and all its dependencies
• Provides layer of abstraction from server
• Provides isolation from other applications
• Images can be checked for vulnerabilities
QUAY.IO
COREOS/CLAIR
AQUA PEEKR
SECURING YOUR DEPENDENCIES
WHITELISTING / BLACKLISTING MODULES
• Blacklisting: Allow use of any public module except the ones on the list
• Whitelisting: Allow use of only the public modules on the list
• Great for meeting audit and legal obligations
• Requires a private registry (NPM Enterprise, Sinopia, etc)
NODE SECURITY PROJECT
• Keeps a database of all known node module vulnerabilities
• Offers a CLI tool for easy CI/CD integration
• Maintained by the community and the best Node security experts in the industry (Adam Baldwin)
NPM SHRINKWRAP & SHRINKPACK
• Prevent dependency regression (unwanted dependency updates)
• Localize tarballs: no need to call out to NPM each time you need a module, which also greatly speeds up builds
SHRINKPACK
SECURING YOUR APPLICATIONS
AUTHENTICATION
• Authentication: verify identity of user/client
• Should support JWT header and Basic Auth
• JWT: JSON Web Tokens are an open, industry standard (RFC 7519) method for representing claims securely between two parties
JWT.IO
AUTH.IO/BLOG
AUTHORIZATION
• Authorization: verify permission of action by user/client
• Uses “Scopes” to define permissions
• “Roles” define a group of “Scopes”
• “Scopes” are set on endpoints for fine-grained control
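An added example (not code from the webinar repo) of the scope model described above: roles are named bundles of scopes, every endpoint declares the scopes a caller must hold, and unregistered routes fail closed. The role table, route table and the `req.user` shape are constructed for this example; `requireScopes` is shaped like Express middleware but the block does not depend on Express.

```javascript
'use strict';
// Added example (not from the webinar repo): scope-based authorization where
// roles group scopes and each endpoint declares what it requires.
// Role and route tables below are constructed for this example.

// Roles are named bundles of scopes. A caller's effective scopes are the union
// of its roles' scopes and any scopes granted directly (e.g. a JWT "scope" claim).
const ROLES = {
  viewer: ['orders:read', 'products:read'],
  editor: ['orders:read', 'orders:write', 'products:read', 'products:write'],
  admin:  ['orders:read', 'orders:write', 'orders:delete',
           'products:read', 'products:write', 'users:manage'],
};

// Endpoint table: every route declares what it requires. Routes not listed
// here are denied, so a forgotten annotation fails closed instead of open.
const ROUTES = {
  'GET /orders':             ['orders:read'],
  'POST /orders':            ['orders:write'],
  'DELETE /orders/:id':      ['orders:delete'],
  'GET /products':           ['products:read'],
  'POST /users':             ['users:manage'],
  // A route that lists several scopes requires all of them.
  'POST /orders/:id/refund': ['orders:write', 'orders:delete'],
};

// Expand an identity ({ roles: [...], scopes: [...] }) to its effective scopes.
function effectiveScopes(identity) {
  const scopes = new Set(identity.scopes || []);
  for (const role of identity.roles || []) {
    if (!ROLES[role]) throw new Error(`unknown role: ${role}`);
    for (const s of ROLES[role]) scopes.add(s);
  }
  return scopes;
}

// Match a concrete path (/orders/42, no query string) against a route pattern
// (/orders/:id). Returns the ROUTES key or null if nothing matches.
function matchRoute(method, path) {
  const want = path.split('/');
  for (const key of Object.keys(ROUTES)) {
    const [m, pattern] = key.split(' ');
    if (m !== method) continue;
    const parts = pattern.split('/');
    if (parts.length !== want.length) continue;
    if (parts.every((p, i) => p.startsWith(':') || p === want[i])) return key;
  }
  return null;
}

// Decide. Returns { allowed, missing } so the caller can log exactly which
// scope was lacking; an unregistered route is reported as such and denied.
function authorize(identity, method, path) {
  const key = matchRoute(method, path);
  if (!key) return { allowed: false, missing: ['<unregistered route>'] };
  const have = effectiveScopes(identity);
  const missing = ROUTES[key].filter((s) => !have.has(s));
  return { allowed: missing.length === 0, missing };
}

// Express-shaped middleware; req.user is set by the authentication step.
function requireScopes(req, res, next) {
  const { allowed, missing } = authorize(req.user || {}, req.method, req.path);
  if (allowed) return next();
  // 403, not 401: the caller is known, just not permitted to do this.
  res.status(403).json({ error: 'forbidden', missing });
}

module.exports = { ROLES, ROUTES, effectiveScopes, matchRoute, authorize, requireScopes };
```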
DATA VALIDATION
• Prevents dirty data from entering your system
• Allows you to define schemas that your documentation engines can read
• Provides in-code documentation of valid endpoint parameters
SWAGGER DOCS FROM JOI SCHEMAS
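An added example (not code from the webinar repo) of the dual use the slides describe: one declarative schema per endpoint both validates incoming query parameters and emits the Swagger 2.0 parameter objects that document them, so the docs cannot drift from what is enforced. The slides use Joi; this stand-alone version uses a small hand-rolled schema shape so it runs without dependencies, and the endpoint schema and inputs are constructed.

```javascript
'use strict';
// Added example (not from the webinar repo): one schema drives both request
// validation and Swagger/OpenAPI parameter docs. Hand-rolled schema shape
// (standing in for Joi) so the block runs stand-alone; data is constructed.

// Schema for GET /orders?status=&limit=&since=
const listOrdersQuery = {
  status: { type: 'string', enum: ['open', 'shipped', 'cancelled'], required: true,
            description: 'Order state to filter on' },
  limit:  { type: 'integer', min: 1, max: 100, default: 20,
            description: 'Page size' },
  since:  { type: 'string', pattern: /^\d{4}-\d{2}-\d{2}$/,
            description: 'Only orders created on or after this date (YYYY-MM-DD)' },
};

// Validate and normalise raw query parameters (strings as parsed from the URL).
// Unknown keys are rejected: dirty data is anything the schema did not ask for.
function validate(schema, raw) {
  const errors = [];
  const value = {};
  for (const key of Object.keys(raw)) {
    if (!schema[key]) errors.push(`${key}: unknown parameter`);
  }
  for (const [key, rule] of Object.entries(schema)) {
    let v = raw[key];
    if (v === undefined) {
      if (rule.required) errors.push(`${key}: is required`);
      else if (rule.default !== undefined) value[key] = rule.default;
      continue;
    }
    // Query parsers turn ?limit=1&limit=2 into an array; refuse it explicitly.
    if (Array.isArray(v)) { errors.push(`${key}: must not be repeated`); continue; }
    if (rule.type === 'integer') {
      if (!/^-?\d+$/.test(v)) { errors.push(`${key}: must be an integer`); continue; }
      v = Number(v);
      if (rule.min !== undefined && v < rule.min) errors.push(`${key}: must be >= ${rule.min}`);
      if (rule.max !== undefined && v > rule.max) errors.push(`${key}: must be <= ${rule.max}`);
    } else if (rule.type === 'string') {
      if (typeof v !== 'string') { errors.push(`${key}: must be a string`); continue; }
      if (rule.enum && !rule.enum.includes(v)) errors.push(`${key}: must be one of ${rule.enum.join(', ')}`);
      if (rule.pattern && !rule.pattern.test(v)) errors.push(`${key}: has an invalid format`);
    }
    value[key] = v;
  }
  return { ok: errors.length === 0, errors, value };
}

// Emit the same schema as Swagger 2.0 parameter objects for a documentation
// engine; the docs describe exactly what the validator enforces.
function toSwaggerParameters(schema, location = 'query') {
  return Object.entries(schema).map(([name, rule]) => {
    const p = { name, in: location, type: rule.type, required: !!rule.required,
                description: rule.description };
    if (rule.enum) p.enum = rule.enum;
    if (rule.min !== undefined) p.minimum = rule.min;
    if (rule.max !== undefined) p.maximum = rule.max;
    if (rule.default !== undefined) p.default = rule.default;
    if (rule.pattern) p.pattern = rule.pattern.source;
    return p;
  });
}

module.exports = { listOrdersQuery, validate, toSwaggerParameters };
```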
HTTPS ALL THE THINGS
• Encrypts data sent over the internet
• Prevents packet sniffing and man-in-the-middle attacks
• Generally terminated at the CDN layer (AWS CloudFront, Cloudflare, Fastly, etc)
• HTTPS internally provides better security but adds latency to requests
ENCRYPTING DATA
• You should ALWAYS encrypt sensitive information (passwords, SSNs, credit card numbers, etc)
• Do some research on encryption best practices
• Make sure your encryption keys are secret
Q&A
• Enterprise Node.js - Code Quality
https://www.crowdcast.io/e/enterprise-node-1
• Enterprise Node.js - Code Discovery
https://www.crowdcast.io/e/enterprise-node-2
• Enterprise Node.js - Securing Your Environment
https://www.crowdcast.io/e/enterprise-node-3
• Enterprise Node.js - Deploying with Docker
https://www.crowdcast.io/e/enterprise-node-4
ENTERPRISE NODE.JS
JavaScript is replacing Java, Ruby, and .NET as the technology of choice for companies that want to build enterprise software faster and with fewer resources. Learn about enterprise JavaScript applications at every level of the stack, as well as how to secure, integrate, test, store, monitor, and deploy them.
O’REILLY SOFTWARE ARCHITECTURE CONFERENCE
Architecting For Enterprise in Node.js
