DEVELOPERS FOCUS ON SECURITY-MINDED TOOLING
Quintis Venter | @cuevee
DATA LEAKS AND BREACHES: A YEAR TO REMEMBER

COST TO BUSINESS

SECURITY-MINDED? YOU MUST HAVE ME CONFUSED WITH THE SYS ADMIN

WHOSE RESPONSIBILITY IS IT?

CULTURE

SERVER HARDENING
•  Use data encryption for your communications.
•  Avoid insecure protocols that send your information or passwords in plain text.
•  Minimize unnecessary software on your servers.
•  Disable unwanted SUID and SGID binaries.
•  Keep your operating system up to date, especially security patches.
•  Using security extensions is a plus.
•  When using Linux, consider SELinux. Server hardening is a primary focus for the web hosting industry; however, SELinux is often not a good fit there, as it frequently causes issues on servers used for web hosting.
•  User accounts should have very strong passwords.
•  Change passwords on a regular basis and do not reuse them.
•  Lock accounts after too many login failures. Often these login failures are illegitimate attempts to gain access to your system.
•  Do not permit empty passwords.
•  SSH hardening:
•  Change the port from the default to a non-standard one.
•  Disable direct root logins. Switch to root from a lower-privileged account only when necessary.
•  Unnecessary services should be disabled. Disable all instances of IRC software: BitchX, bnc, eggdrop, generic sniffers, guardservices, ircd, psyBNC, ptlink.
•  Secure /tmp, /var/tmp and /dev/shm.
•  Hide the BIND DNS server version and the Apache version.
•  Harden sysctl.conf.
•  Harden the server by installing Rootkit Hunter and chkrootkit.
•  Minimize open network ports to only what is needed for your specific circumstances.
•  Configure the system firewall (iptables) or install a firewall front-end such as CSF or APF. Proper setup of a firewall by itself can prevent many attacks.
•  Consider also using a hardware firewall.
•  Separate partitions in ways that make your system more secure.
•  Disable unwanted binaries.
•  Maintain server logs; mirror logs to a separate log server.
•  Install Logwatch and review the Logwatch emails daily. Investigate any suspicious activity on your server.
•  Use brute-force and intrusion detection systems.
•  Install Linux Socket Monitor: it detects and alerts when new sockets are created on your system, which often reveals hacker activity.
•  Install mod_security to harden the web server.
•  Harden the PHP installation.
•  Limit user accounts to accessing only what they need. Increased access should only be granted on an as-needed basis.
•  Maintain proper backups.
•  Don't forget about physical server security.
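The SSH items in the checklist (non-standard port, no direct root login, no empty passwords) can be audited automatically against an sshd_config. This is an added example, not code from the slides; it follows OpenSSH sshd_config semantics (case-insensitive keywords, first value of a repeated keyword wins, everything after a Match line is conditional) and the OpenSSH defaults for absent keywords, and runs over two constructed sample configs.

```python
import re

# Defaults sshd applies when the keyword is absent (OpenSSH sshd_config manual).
SSHD_DEFAULTS = {"port": ["22"], "permitrootlogin": ["prohibit-password"],
                 "permitemptypasswords": ["no"]}


def parse_sshd_config(text: str) -> dict:
    """Map lowercase keyword -> list of values, in file order.

    Mirrors sshd semantics: keywords are case-insensitive, 'key value' and
    'key=value' are both accepted, '#' starts a comment, and every line after
    a Match directive applies only conditionally, so the global view stops there.
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break                      # remaining lines belong to Match blocks
        cfg.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return cfg


def audit_sshd_config(text: str) -> list:
    """Return one finding per SSH hardening item from the checklist that is not met."""
    cfg = parse_sshd_config(text)
    findings = []
    ports = cfg.get("port", SSHD_DEFAULTS["port"])     # sshd listens on every Port given
    if "22" in ports:
        findings.append("Port: sshd listens on the default port 22")
    # sshd keeps the FIRST value of a repeated keyword, so index 0 is the effective one.
    root = cfg.get("permitrootlogin", SSHD_DEFAULTS["permitrootlogin"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin: is '{root}', expected 'no'")
    empty = cfg.get("permitemptypasswords", SSHD_DEFAULTS["permitemptypasswords"])[0].lower()
    if empty != "no":
        findings.append("PermitEmptyPasswords: empty passwords are accepted")
    return findings


# Constructed sample configs for the demo (not taken from any real host).
WEAK_CONFIG = """\
# constructed: a stock-looking sshd_config
Port 22
PermitRootLogin yes
PermitEmptyPasswords yes
"""

HARDENED_CONFIG = """\
# constructed: hardened per the checklist; the second PermitRootLogin is ignored by sshd
Port 2222
PermitRootLogin no
PermitEmptyPasswords no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["ok"])
```

On a live host the same function can be fed the output of `sshd -T`, which already prints the effective values and removes the need to reason about duplicates and Match blocks.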
SECURITY-MINDED TOOLING

LINUX SECURITY MODULES
SELinux, AppArmor, Smack, grsecurity
BLACKBOX
Encrypting files at rest in your repo, for git, hg and svn.

Collaboration
TOTP: TIME-BASED OTP
Cornerstone of OAUTH
Two-factor authentication
OPENID CONNECT
Simple identity layer on top of OAUTH 2.0
PARTING THOUGHT
Security is a process, not a product
MORE INFO & QUESTIONS
https://github.com/StackExchange/blackbox
http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
http://openid.net/connect/
THANK YOU
For questions or suggestions:
Quintis Venter | @cuevee