Submit Search
Upload
Tune your App Perf (and get fit for summer)
•
0 likes
•
1,617 views
Sqreen
Follow
Tune your App Perf (and get fit for summer) @SqreenIO https://www.sqreen.io
Read less
Read more
Software
Report
Share
Report
Share
1 of 26
Download Now
Download to read offline
Recommended
Ruby on Rails security in your Continuous Integration
Ruby on Rails security in your Continuous Integration
Sqreen
Instrument Rack to visualize Rails requests processing
Instrument Rack to visualize Rails requests processing
Sqreen
Application Security from the Inside - OWASP
Application Security from the Inside - OWASP
Sqreen
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
Sqreen
Serverless Security: What's Left To Protect
Serverless Security: What's Left To Protect
Guy Podjarny
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
LibbySchulze
Securing Serverless - By Breaking In
Securing Serverless - By Breaking In
Guy Podjarny
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
Lacework
More Related Content
What's hot
Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/Green
Sonatype
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
Matt Raible
Signal r core workshop - netconf
Signal r core workshop - netconf
Miguel Angel Teheran Garcia
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
Felipe Prado
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?
Teri Radichel
Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017
CodeOps Technologies LLP
Automating security test using Selenium and OWASP ZAP - Practical DevSecOps
Automating security test using Selenium and OWASP ZAP - Practical DevSecOps
Mohammed A. Imran
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
Lacework
Cloudefigo - From zero to secure in 1 minute
Cloudefigo - From zero to secure in 1 minute
Israel AWS User Group
Third Party Performance (Velocity, 2014)
Third Party Performance (Velocity, 2014)
Guy Podjarny
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Tirza DiOro
Mitigate Security Threats with SIEM
Mitigate Security Threats with SIEM
Akamai Developers & Admins
.NET Security (Radu Vunvulea)
.NET Security (Radu Vunvulea)
Radu Vunvulea
Better Bug Stomping with Zend Studio and Zend Server
Better Bug Stomping with Zend Studio and Zend Server
Zend by Rogue Wave Software
Lessons from running AppSync in prod
Lessons from running AppSync in prod
Yan Cui
10 things you can do at the edge
10 things you can do at the edge
Akamai Developers & Admins
Customer Story: Property Partner
Customer Story: Property Partner
Amazon Web Services
Syntribos API Security Test Automation
Syntribos API Security Test Automation
Matthew Valdes
Ignite Denver - Robots!
Ignite Denver - Robots!
360|Conferences
Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!
Massimo Bonanni
What's hot
(20)
Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/Green
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
Signal r core workshop - netconf
Signal r core workshop - netconf
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?
Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017
Automating security test using Selenium and OWASP ZAP - Practical DevSecOps
Automating security test using Selenium and OWASP ZAP - Practical DevSecOps
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
Cloudefigo - From zero to secure in 1 minute
Cloudefigo - From zero to secure in 1 minute
Third Party Performance (Velocity, 2014)
Third Party Performance (Velocity, 2014)
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Mitigate Security Threats with SIEM
Mitigate Security Threats with SIEM
.NET Security (Radu Vunvulea)
.NET Security (Radu Vunvulea)
Better Bug Stomping with Zend Studio and Zend Server
Better Bug Stomping with Zend Studio and Zend Server
Lessons from running AppSync in prod
Lessons from running AppSync in prod
10 things you can do at the edge
10 things you can do at the edge
Customer Story: Property Partner
Customer Story: Property Partner
Syntribos API Security Test Automation
Syntribos API Security Test Automation
Ignite Denver - Robots!
Ignite Denver - Robots!
Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!
Viewers also liked
NoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDB
Sqreen
Bletchley
Bletchley
Diogo Mónica
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
Diogo Mónica
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Diogo Mónica
PhD Thesis Diogo Mónica
PhD Thesis Diogo Mónica
Diogo Mónica
An IDS for browser hijacking
An IDS for browser hijacking
Diogo Mónica
WiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detection
Diogo Mónica
Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks
Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks
Diogo Mónica
MultiPath TCP - The path to multipath
MultiPath TCP - The path to multipath
Diogo Mónica
Secure Software Distribution in an Adversarial World
Secure Software Distribution in an Adversarial World
Diogo Mónica
ESORICS 2014: Local Password validation using Self-Organizing Maps
ESORICS 2014: Local Password validation using Self-Organizing Maps
Diogo Mónica
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
Diogo Mónica
MTLS in a Microservices World
MTLS in a Microservices World
Diogo Mónica
How to-use-buffer-by-ella
How to-use-buffer-by-ella
Eleaza Rose Devilleres
From Second Screen to Multi-Screen: We Are Social's Guide to Social Screens
From Second Screen to Multi-Screen: We Are Social's Guide to Social Screens
We Are Social Singapore
Security best practices for kubernetes deployment
Security best practices for kubernetes deployment
Michael Cherny
SteadyBudget's Seed Funding Pitch Deck
SteadyBudget's Seed Funding Pitch Deck
Shape Integrated Software
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
Amazon Web Services
7 Tips to Beautiful PowerPoint by @itseugenec
7 Tips to Beautiful PowerPoint by @itseugenec
Eugene Cheng
The Minimum Loveable Product
The Minimum Loveable Product
The Happy Startup School
Viewers also liked
(20)
NoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDB
Bletchley
Bletchley
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of Botnets
PhD Thesis Diogo Mónica
PhD Thesis Diogo Mónica
An IDS for browser hijacking
An IDS for browser hijacking
WiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detection
Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks
Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks
MultiPath TCP - The path to multipath
MultiPath TCP - The path to multipath
Secure Software Distribution in an Adversarial World
Secure Software Distribution in an Adversarial World
ESORICS 2014: Local Password validation using Self-Organizing Maps
ESORICS 2014: Local Password validation using Self-Organizing Maps
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
MTLS in a Microservices World
MTLS in a Microservices World
How to-use-buffer-by-ella
How to-use-buffer-by-ella
From Second Screen to Multi-Screen: We Are Social's Guide to Social Screens
From Second Screen to Multi-Screen: We Are Social's Guide to Social Screens
Security best practices for kubernetes deployment
Security best practices for kubernetes deployment
SteadyBudget's Seed Funding Pitch Deck
SteadyBudget's Seed Funding Pitch Deck
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
7 Tips to Beautiful PowerPoint by @itseugenec
7 Tips to Beautiful PowerPoint by @itseugenec
The Minimum Loveable Product
The Minimum Loveable Product
Similar to Tune your App Perf (and get fit for summer)
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWS
Eric Smalling
How the Cloud Shifts the Burden of Security to Development
How the Cloud Shifts the Burden of Security to Development
Erika Barron
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
Cisco DevNet
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security
DevOps.com
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
John Williams
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro
Amazon Web Services
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
Amazon Web Services
Cncf checkov and bridgecrew
Cncf checkov and bridgecrew
LibbySchulze
Automating your AWS Security Operations
Automating your AWS Security Operations
Evident.io
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)
Amazon Web Services
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH
Automating your AWS Security Operations
Automating your AWS Security Operations
Amazon Web Services
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
Amazon Web Services
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
Amazon Web Services
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
Amazon Web Services
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
Amazon Web Services Korea
Monitoring for Operational Outcomes and Application Insights: Best Practices ...
Monitoring for Operational Outcomes and Application Insights: Best Practices ...
Amazon Web Services
Secure Configuration and Automation Overview
Secure Configuration and Automation Overview
Amazon Web Services
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
CA Technologies
Machine Learning to Turbo-Charge the Ops Portion of DevOps
Machine Learning to Turbo-Charge the Ops Portion of DevOps
Deborah Schalm
Similar to Tune your App Perf (and get fit for summer)
(20)
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWS
How the Cloud Shifts the Burden of Security to Development
How the Cloud Shifts the Burden of Security to Development
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
Cncf checkov and bridgecrew
Cncf checkov and bridgecrew
Automating your AWS Security Operations
Automating your AWS Security Operations
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
Automating your AWS Security Operations
Automating your AWS Security Operations
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
Monitoring for Operational Outcomes and Application Insights: Best Practices ...
Monitoring for Operational Outcomes and Application Insights: Best Practices ...
Secure Configuration and Automation Overview
Secure Configuration and Automation Overview
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Machine Learning to Turbo-Charge the Ops Portion of DevOps
Machine Learning to Turbo-Charge the Ops Portion of DevOps
Recently uploaded
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
Shyamsundar Das
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
VICTOR MAESTRE RAMIREZ
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Jonathan Katz
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Alluxio, Inc.
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
AmeliaSmith90
The Crypto Code WaveBot Automated Crypto Trading for Consistent Profits
The Crypto Code WaveBot Automated Crypto Trading for Consistent Profits
James Euan en
Use a Referral Program to Get 1 Million Users Waiting To Try Your App Before ...
Use a Referral Program to Get 1 Million Users Waiting To Try Your App Before ...
Flyyx Tech
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
Shane Coughlan
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
João Esperancinha
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
Neo4j
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
robinwilliams8624
How to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS Software
NYGGS Automation Suite
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
ThousandEyes
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
Ivo Andreev
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
Autus Cyber Tech
Rebuilding Your Cloud Native Community Lessons learned from Stardew Valley
Rebuilding Your Cloud Native Community Lessons learned from Stardew Valley
Imma Valls Bernaus
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies
Rejekts 24 EU No GitOps Pain, No Platform Gain
Rejekts 24 EU No GitOps Pain, No Platform Gain
Łukasz Piątkowski
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web Development
BOSC Tech Labs
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
Salesforce Developer Group, Bauchi.
Recently uploaded
(20)
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
The Crypto Code WaveBot Automated Crypto Trading for Consistent Profits
The Crypto Code WaveBot Automated Crypto Trading for Consistent Profits
Use a Referral Program to Get 1 Million Users Waiting To Try Your App Before ...
Use a Referral Program to Get 1 Million Users Waiting To Try Your App Before ...
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
How to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS Software
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
Rebuilding Your Cloud Native Community Lessons learned from Stardew Valley
Rebuilding Your Cloud Native Community Lessons learned from Stardew Valley
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Rejekts 24 EU No GitOps Pain, No Platform Gain
Rejekts 24 EU No GitOps Pain, No Platform Gain
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web Development
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
Tune your App Perf (and get fit for summer)
1.
Confidential & proprietary
© Sqreen, 2015 Tune your app perf (and get fit for summer) We make products antifragile
2.
© Sqreensqreen.io Jean-Baptiste Aviat CTO
@SqreenIO (https://sqreen.io) Former hacker at Apple (Red Team) @JbAviat jb@sqreen.io
3.
Confidential & proprietary
© Sqreen, 2015 – Donald Knuth “Premature optimization is the root of all evil.”
4.
Confidential & proprietary
© Sqreen, 2015sqreen.io « We don’t have bugs. » « Or maybe one… » « Okay, beta are done for that! »
5.
Confidential & proprietary
© Sqreen, 2015sqreen.io Sqreen behind the scenes Examine the environment Run code specific to the class of vulnerability Log security events Automatically check for Sqreen security rules updates While keeping the app fast.
6.
Confidential & proprietary
© Sqreen, 2015sqreen.io HTTP request anatomy DB Cache QueryQuery JSON request response Services Rails server Client Rails app code
7.
Confidential & proprietary
© Sqreen, 2015sqreen.io HTTP request with Sqreen QueryQuery DB Cache JSON Services Rails server Client Sqreen code request response Rails app code
8.
Confidential & proprietary
© Sqreen, 2015sqreen.io Attack blocked by Sqreen Attack Error Query Sqreen backend Log event DB CacheServices Rails server Client Sqreen code Rails app code
9.
Confidential & proprietary
© Sqreen, 2015sqreen.io Thanks early adopters, we owe you one! Our beta customers raised different concerns: 1. Average response time 2. CPU consumption (mostly machine facing APIs) 3. Memory usage 4. Bandwidth
10.
Confidential & proprietary
© Sqreen, 2015sqreen.io Endless path to perf optimization Know what you are looking for Measure: understand precisely what need change Pareto law: 80% of execution time is spent in 20% of your code Change: just code it Evaluate: compare to previous measures Start over. Change Evaluate Measure
11.
Confidential & proprietary
© Sqreen, 2015 What about our Gem?
12.
Confidential & proprietary
© Sqreen, 2015sqreen.io Sqreen code executed during a client request: doesn’t use network doesn’t interact with filesystem The decision to block is made in the application Back-end communication is performed in a dedicated thread Request processing Query
13.
Confidential & proprietary
© Sqreen, 2015sqreen.io Asynchronous by design Sqreen worker Rails threads Sqreen thread request response Rails server Sqreen backend Sqreen code Rails / app code
14.
Confidential & proprietary
© Sqreen, 2015sqreen.io 156ms Asynchronism benefits + X ms + XX % time 150ms 225ms + 0 % Default Dumb 0ms + 4 % Sqreen
15.
Confidential & proprietary
© Sqreen, 2015sqreen.io Reduce I/O Bandwith Memory Requests AggregateStrip Required? I/O
16.
Confidential & proprietary
© Sqreen, 2015sqreen.io ExecJS call time ExecJS allows many runtimes: V8 (close to Pure Ruby) JSCore (OSX only) Node (ExecJS runs the Node binary) miliseconds 0 17,5 35 52,5 70 Pure Ruby V8 JSCore (OSX) Node
17.
Confidential & proprietary
© Sqreen, 2015sqreen.io ExecJS memory usage Low memory usage But it leaks! @samsaffron helped a lot Can be solved using context recycling ExecJS should be reset regularly memory(MB) 0 175 350 525 700 seconds 0 150 300 450 600
18.
Confidential & proprietary
© Sqreen, 2015sqreen.io Optimize ExecJS use Reduce ExecJS spawn time Precompile everything Spawn ExecJS as less as possible We introduced pure Ruby pre-conditions Now the decision to call ExecJS is taken in Ruby
19.
Confidential & proprietary
© Sqreen, 2015sqreen.io Minimize ExecJS overhead Perform analysis only on requests using a risky API Pick relevant methods The JS engine is spawned and performs further analysis Analyze Check if the API uses arguments that can be vulnerable Validate exposure If there is a security risk, we block the request and alert our back-end Alert & block if method.include?(watch_methods) if method_arg.include?(parameters) if ExecJS.is_an_attack? tell_thread_to_record_alert block_this_request end end end
20.
Confidential & proprietary
© Sqreen, 2015sqreen.io Mem I/O CPU Band- width Reducing memory usage leads to smaller objects to be treated, faster garbage collection Memory Reducing CPU usage leads to overall faster process CPU Less bandwidth means less server occupation and leads to faster responses Bandwidth Reducing I/O reduces time needed for tasks I/O Virtuous circle of optimization
21.
Confidential & proprietary
© Sqreen, 2015sqreen.io Benefits of multithreading 144% (over dumb implementation)
22.
Confidential & proprietary
© Sqreen, 2015sqreen.io -1000% Benefits of V8 (over Node runtime)
23.
Confidential & proprietary
© Sqreen, 2015sqreen.io reduce leaks Benefits of recycling ExecJS context (garbage collection, overall memory usage…)
24.
Confidential & proprietary
© Sqreen, 2015sqreen.io just faster :) Benefits of pre-condition (less context recycling, less context switch…)
25.
Confidential & proprietary
© Sqreen, 2015sqreen.io Client perf is not all about client How to reduce I/O time without changing the client? The exposed APIs need to respond faster We are applying the same method to our back-end
26.
Confidential & proprietary
© Sqreen, 2015sqreen.io Set up your feedback loop Now, you should to monitor your performances (automatically)! And do the same with Security ;) Keep on coding…
Download Now