ENTERPRISE NODE
SECURING YOUR ENVIRONMENT
ABOUT ME
Tech Lead @ MLS
Medium: @kurtiskemple
Twitter: @kurtiskemple
GitHub: @kkemple
REPO FOR THIS WEBINAR
KKEMPLE/AWESOME-ENTERPRISE-WEB-SERVICE
WHY IS SECURING YOUR ENVIRONMENT IMPORTANT?
BENEFITS
• Protects your company from potential threats
• Improves confidence in code and systems
• Helps you meet legal/organizational regulations
SECURING YOUR RUNTIME
NODE LTS VERSIONS
• Official Node.js long term support versions
• Offers a solid foundation to build apps on (no breaking changes)
• Provides a maintenance window in which only critical bug fixes and security fixes are permitted as commits
N | SOLID - ENTERPRISE RUNTIME
• Enables deep performance insights (one-click flame graphs)
• CLI enabled for easy CI/CD integration and automatic control
• Advanced console for analyzing your entire Node.js infrastructure
• Alerting through threshold monitoring
N | SOLID OVERVIEW
N | SOLID PERFORMANCE FLAME GRAPH
CONTAINERIZATION
• Boxes up your application and all its dependencies
• Provides a layer of abstraction from the server
• Provides isolation from other applications
• Images can be checked for vulnerabilities
QUAY.IO
COREOS/CLAIR
AQUA PEEKR
SECURING YOUR DEPENDENCIES
WHITELISTING / BLACKLISTING MODULES
• Blacklisting: allow use of any public module except the ones on the list
• Whitelisting: allow use of only the public modules on the list
• Great for meeting audit and legal obligations
• Requires a private registry (NPM Enterprise, Sinopia, etc.)
NODE SECURITY PROJECT
• Keeps a database of all known Node module vulnerabilities
• Offers a CLI tool for easy CI/CD integration
• Maintained by the community and the best Node security experts in the industry (Adam Baldwin)
NPM SHRINKWRAP & SHRINKPACK
• Prevents dependency regression (unwanted dependency updates)
• Localizes tarballs, so there is no need to call NPM each time you need a module; this also greatly speeds up builds
SHRINKPACK
SECURING YOUR APPLICATIONS
AUTHENTICATION
• Authentication: verify the identity of the user/client
• Should support a JWT header and Basic Auth
• JWT: JSON Web Tokens are an open, industry-standard (RFC 7519) method for representing claims securely between two parties
JWT.IO
AUTH.IO/BLOG
AUTHORIZATION
• Authorization: verify permission for an action by the user/client
• Uses "Scopes" to define permissions
• "Roles" define a group of "Scopes"
• "Scopes" are set on endpoints for fine-grained control
DATA VALIDATION
• Prevents dirty data from entering your system
• Allows you to define schemas that your documentation engines can read
• Provides in-code documentation of valid endpoint parameters
SWAGGER DOCS FROM JOI SCHEMAS
HTTPS ALL THE THINGS
• Encrypts data sent over the internet
• Prevents packet sniffing and man-in-the-middle attacks
• Generally terminated at the CDN layer (AWS CloudFront, Cloudflare, Fastly, etc.)
• HTTPS internally provides better security but adds latency to requests
ENCRYPTING DATA
• You should ALWAYS encrypt sensitive information (passwords, SSNs, credit card numbers, etc.)
• Do some research on encryption best practices
• Make sure your encryption keys are secret
Q&A
• Enterprise Node.js - Code Quality: https://www.crowdcast.io/e/enterprise-node-1
• Enterprise Node.js - Code Discovery: https://www.crowdcast.io/e/enterprise-node-2
• Enterprise Node.js - Securing Your Environment: https://www.crowdcast.io/e/enterprise-node-3
• Enterprise Node.js - Deploying with Docker: https://www.crowdcast.io/e/enterprise-node-4
ENTERPRISE NODE.JS
JavaScript is replacing Java, Ruby, and .NET as the technology of choice for companies that want to build enterprise software faster and with fewer resources. Learn about enterprise JavaScript applications at every level of the stack, as well as how to secure, integrate, test, store, monitor, and deploy them.
O'REILLY SOFTWARE ARCHITECTURE CONFERENCE
Architecting For Enterprise in Node.js
