Security of realtime Systems; old attacks, new tools
node.js, socket.io, express and other technologies are simply awesome for the real-time web. They are enabling front-end JavaScript developers to take their skills to the server. This does not come without a price. Adam will discuss his experiences and thoughts on securing real-time systems built on some of these technologies. The talk hopes to promote positive discussion, not finger pointing, about how we as a community can avoid the pitfalls of the past and make the realtime web a safer place.

Adam is the co-founder of nGenuity where he focuses on helping developers ship secure code.

Presentation Transcript

  • 1. Old Problems, New Tools. Keeping It Realtime // 2011 // Adam Baldwin
  • 2. Hi. I'm Adam. (Slide footer, repeated on every slide that follows: Keeping it Realtime // @adam_baldwin)
  • 3. (no text beyond the slide footer)
  • 4. Introduction: Co-Founder of nGenuity; Penetration Tester; evilpacket.net
  • 5. (no text beyond the slide footer)
  • 6. State of Things
  • 7. Secure Defaults
  • 8. "A security lesson: instead of action and safe_action, your API should be action and unsafe_action. Safe should be the default." / via @jezdez
  • 9. Better Examples (docs that don't suck)
  • 10. Socket.io
  • 11. Set Origins by Default; Log Warnings; Better Examples
  • 12. Express, et al
  • 13. CSRF Protection by Default; Better Examples / Improved Boilerplate; Anti-Evil Headers™ on by Default
  • 14. Magical headers are magical. X-FRAME-OPTIONS; Content Security Policy (CSP)
  • 15. Jade, et al
  • 16. & < > ' "
  • 17. If you fell asleep: Set socket.io origins; Properly authorize sockets; Use CSRF tokens; Contextual output encoding; Do all this by default; Write better docs
  • 18. (no text beyond the slide footer)
  • 19. Questions? adam@ngenuity-is.com // @adam_baldwin
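The checklist on slide 17 ties the talk together. The following is an added example, not code from the talk or from any of the projects it names, implementing three of those defaults in plain Node.js: HTML encoding of the five characters from slide 16, an origin allow-list check in the spirit of socket.io's `origins` setting (slide 11), and an Express-shaped middleware that sets the X-Frame-Options and CSP headers from slide 14. The allow-list origins and the CSP value are assumptions for illustration, not settings from the talk.

```javascript
'use strict';
// Added example, not code from the talk: "safe by default" helpers for the
// checklist on slides 11, 14 and 16. Plain functions, so this runs without
// express or socket.io installed; the (req, res, next) shape is the Express
// middleware contract and setHeader is Node's http.ServerResponse API.

// Slide 16: the five characters that need encoding in an HTML context.
// Encoding all of them on every template variable is the safe default.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Slide 11: an explicit origin allow-list for a socket handshake, in the
// spirit of socket.io's `origins` setting. `allowed` holds full origins
// (scheme://host[:port]), an assumed format. A missing or unparsable Origin
// header is refused rather than accepted, because accept-all is the wildcard
// default the talk argues against.
function originAllowed(originHeader, allowed) {
  if (!originHeader) return false;
  let origin;
  try { origin = new URL(originHeader).origin; } catch (e) { return false; }
  return allowed.some((entry) => entry.toLowerCase() === origin.toLowerCase());
}

// Slide 14: "Anti-Evil Headers" applied to every response by default.
// DENY stops framing (clickjacking); the CSP value is an assumed strict
// starting point that an app would loosen deliberately, not remove.
function antiEvilHeaders(req, res, next) {
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  next();
}

// Minimal stand-in for http.ServerResponse so the middleware can be run
// here without starting a server; returns the headers it set.
function runAntiEvilHeaders() {
  const headers = {};
  const res = { setHeader(name, value) { headers[name.toLowerCase()] = value; } };
  let nextCalled = false;
  antiEvilHeaders({}, res, () => { nextCalled = true; });
  return nextCalled ? headers : null;
}

module.exports = { escapeHtml, originAllowed, antiEvilHeaders, runAntiEvilHeaders };
```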