Open Source Technologies for High Availability and Security of Web Applications
Alexandro Silva
alexos@alexos.org
http://alexos.org
Jun/16
Challenges
Availability
Performance
Security
What to protect?
Solution
Reverse Proxy
Advantages
● Reduced consumption
– Bandwidth
– Backend resources
● High availability
● Caching
● Centralized management
Nginx
● Developed by Igor Sysoev
● Used by 27% of the most visited sites
Source: Netcraft - http://news.netcraft.com/archives/2016/06/22/june-2016-web-server-survey.html
# Pass the original host and client address on to the backend
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Cache store: 8m of keys, at most 1000m on disk, entries expire after 600m without a hit
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
proxy_temp_path /var/cache/tmp;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
# POST responses are cached as well: make sure no cached POST response carries per-user data
proxy_cache_methods GET HEAD POST;
nginx.conf
Hardening
# DoS protection: small buffers and short timeouts for slow or oversized clients
client_body_buffer_size 1K;
client_header_buffer_size 1k;
client_max_body_size 2M;
large_client_header_buffers 2 1k;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
# Remove the version banner
server_tokens off;
# Limit the maximum number of concurrent connections per IP
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn addr 10;
# Headers
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
# CSP directive names take no colon ("connect-src:" is ignored by browsers), and the whole
# value is double-quoted so its semicolons do not end the nginx directive early.
# X-WebKit-CSP and X-Content-Security-Policy are legacy prefixed names; current browsers
# read Content-Security-Policy.
add_header X-WebKit-CSP "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'";
# "*" (without inner quotes) lets any origin read responses; quotes inside the value would be
# sent to the client verbatim and the grant rejected
add_header Access-Control-Allow-Origin "*";
add_header X-Download-Options "noopen";
add_header X-Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'";
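The header block above is easy to get subtly wrong: a colon after a CSP directive name or quotes inside an `Access-Control-Allow-Origin` value are accepted by nginx but make the browser drop the protection. The following linter is an added example, not part of the slides or of nginx; it parses the values the way a browser would and reports such slips. `SLIDE_HEADERS` is constructed from the slide's `add_header` lines, `FIXED_HEADERS` is the corrected set, and the origin `https://acme.example` is a placeholder.

```python
"""Lint the response headers set in the hardening block above.

Added example, not part of the original slides or of nginx: it parses the
header values the way a browser would and flags syntax slips that silently
disable a protection. The header sets below are constructed from the slide's
add_header lines; the origin in FIXED_HEADERS is a placeholder.
"""
import re

# Directive names a CSP parser accepts (subset sufficient for this check).
CSP_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "connect-src",
    "font-src", "object-src", "media-src", "frame-src", "frame-ancestors",
    "base-uri", "form-action", "report-uri",
}


def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; return (policy, errors).

    A directive written with a trailing colon ("connect-src:") is not a valid
    name, so browsers drop it and that resource type falls back to default-src.
    """
    policy, errors = {}, []
    for chunk in value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        if name not in CSP_DIRECTIVES:
            errors.append(f"unknown directive {name!r} is ignored by browsers")
        else:
            policy[name] = sources
    return policy, errors


def lint_headers(headers):
    """Return a list of findings for a {header-name: value} mapping."""
    findings = []
    for name, value in headers.items():
        lname = name.lower()
        if lname in ("content-security-policy", "x-content-security-policy", "x-webkit-csp"):
            findings += [f"{name}: {err}" for err in parse_csp(value)[1]]
        elif lname == "access-control-allow-origin":
            if "'" in value or '"' in value:
                findings.append(f"{name}: {value!r} is not an origin; the quotes are sent "
                                "to the client and the CORS grant is rejected")
            elif value == "*":
                findings.append(f"{name}: '*' lets any origin read responses; "
                                "name the allowed origins instead")
        elif lname == "x-frame-options" and value.upper() not in ("DENY", "SAMEORIGIN"):
            findings.append(f"{name}: {value!r} is not DENY or SAMEORIGIN")
        elif lname == "strict-transport-security" and not re.search(r"max-age=\d+", value):
            findings.append(f"{name}: missing max-age")
    return findings


def to_nginx(headers):
    """Render headers as add_header lines, double-quoting every value so the
    spaces and semicolons inside a CSP cannot end the nginx directive early."""
    return "\n".join(f'add_header {name} "{value}";' for name, value in headers.items())


# Values as written on the slide (constructed from its add_header lines).
SLIDE_HEADERS = {
    "X-WebKit-CSP": "default-src 'none'; script-src 'self'; connect-src: 'self'; "
                    "img-src: 'self'; style-src: 'self'",
    "Access-Control-Allow-Origin": "'*'",
    "Strict-Transport-Security": "max-age=31536000",
    "X-Frame-Options": "SAMEORIGIN",
}

# The same policy with the colons removed and a concrete origin (placeholder).
FIXED_HEADERS = {
    "Content-Security-Policy": "default-src 'none'; script-src 'self'; connect-src 'self'; "
                               "img-src 'self'; style-src 'self'",
    "Access-Control-Allow-Origin": "https://acme.example",
    "Strict-Transport-Security": "max-age=31536000",
    "X-Frame-Options": "SAMEORIGIN",
}

if __name__ == "__main__":
    for label, hdrs in (("slide", SLIDE_HEADERS), ("fixed", FIXED_HEADERS)):
        print(f"== {label}: {len(lint_headers(hdrs))} finding(s)")
        for finding in lint_headers(hdrs):
            print("  -", finding)
    print(to_nginx(FIXED_HEADERS))
```

Run it before `nginx -t`: nginx only checks its own syntax, so a policy that parses as three ignored directives still loads cleanly and leaves `connect-src`, `img-src` and `style-src` falling back to `default-src 'none'`, which is stricter than intended here but in other policies can be looser.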
Cluster and Failover
# ip_hash: requests from the same client IP stick to the same backend
upstream acme {
    ip_hash;
    server 192.168.0.2;
    server 192.168.0.3;
    server 192.168.0.4;
}
vhost
# weight: proportion of clients each backend receives (3 : 2 : 1 here)
upstream acme {
    ip_hash;
    server 192.168.0.2 weight=1;
    server 192.168.0.3 weight=2;
    server 192.168.0.4 weight=3;
}
vhost
# max_fails/fail_timeout: 3 failed attempts within 30s take the backend out for 30s;
# down: removed from rotation permanently
upstream acme {
    ip_hash;
    server 192.168.0.2 max_fails=3 fail_timeout=30s;
    server 192.168.0.3;
    server 192.168.0.4 down;
    server 192.168.0.5;
}
vhost
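To see what the `ip_hash`, `weight`, `max_fails`, `fail_timeout` and `down` settings above actually do to a client's traffic, here is an added model of the upstream selection (not nginx's code and not from the slides). It reproduces the documented rules: a peer that fails `max_fails` times inside one `fail_timeout` window is skipped for `fail_timeout` seconds, `down` removes a peer outright, and `ip_hash` keys on the first three IPv4 octets. The hash constants and the way unavailable peers are skipped are simplifications, and the client address `10.0.0.7` is constructed.

```python
"""Model of the upstream behaviour configured above: ip_hash stickiness plus
passive failure detection with max_fails / fail_timeout.

Added example, not nginx code. It follows the documented rules (a peer that
fails max_fails times within fail_timeout is skipped for fail_timeout seconds;
down removes a peer permanently; ip_hash keys on the first three IPv4 octets)
so the effect of the settings can be traced; the hash arithmetic and the
skip-over of unavailable peers are simplified, not nginx's exact code.
"""


class Peer:
    def __init__(self, addr, weight=1, max_fails=1, fail_timeout=10.0, down=False):
        self.addr = addr
        self.weight = weight
        self.max_fails = max_fails          # nginx default: 1
        self.fail_timeout = fail_timeout    # nginx default: 10 s
        self.down = down                    # 'down' marks the peer permanently unavailable
        self.fails = 0                      # failures inside the current fail_timeout window
        self.window_start = None
        self.unavailable_until = 0.0

    def available(self, now):
        return not self.down and now >= self.unavailable_until

    def report_failure(self, now):
        """Count a failed attempt; reaching max_fails inside one fail_timeout
        window marks the peer unavailable for the next fail_timeout seconds."""
        if self.max_fails == 0:             # max_fails=0 disables the accounting
            return
        if self.window_start is None or now - self.window_start > self.fail_timeout:
            self.window_start, self.fails = now, 0
        self.fails += 1
        if self.fails >= self.max_fails:
            self.unavailable_until = now + self.fail_timeout
            self.window_start, self.fails = None, 0

    def report_success(self):
        self.window_start, self.fails = None, 0


def ip_hash_key(client_ip):
    """ip_hash hashes only the first three octets of an IPv4 address, so every
    client in one /24 maps to the same key (loop shape as in nginx, simplified)."""
    key = 89
    for octet in client_ip.split(".")[:3]:
        key = (key * 113 + int(octet)) % 6271
    return key


class Upstream:
    def __init__(self, peers):
        self.peers = peers

    def select(self, client_ip, now):
        """Pick the peer for client_ip among those currently available, repeating
        each peer 'weight' times; returns None when no peer is available."""
        live = [p for p in self.peers if p.available(now)]
        if not live:
            return None
        slots = [p for p in live for _ in range(p.weight)]
        return slots[ip_hash_key(client_ip) % len(slots)]


def build_upstream():
    """The third 'upstream acme' block from the slides."""
    return Upstream([
        Peer("192.168.0.2", max_fails=3, fail_timeout=30),
        Peer("192.168.0.3"),
        Peer("192.168.0.4", down=True),
        Peer("192.168.0.5"),
    ])


def failover_trace(up, client_ip="10.0.0.7"):
    """Fail 192.168.0.2 three times within 30 s and record which peer the
    (constructed) client lands on before, during and after the outage window."""
    p2 = up.peers[0]
    before = up.select(client_ip, now=0).addr
    for t in (0, 1, 2):
        p2.report_failure(t)
    during = up.select(client_ip, now=5)
    after = up.select(client_ip, now=33)
    return (before, during.addr if during else None, after.addr if after else None,
            p2.available(5), p2.available(33))


if __name__ == "__main__":
    print(failover_trace(build_upstream()))
```

The trace shows the practical consequence of `ip_hash` with passive checks: while a backend is marked failed its clients are re-hashed onto the remaining peers, and once the window expires they move back, so any session state held only on the backend is lost twice.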
Heartbeat
logfile /var/log/ha-log
keepalive 1
deadtime 5
udpport 694
ucast eth0 192.168.0.1
auto_failback on
node wafmaster
node wafbackup
ha.conf
wafmaster IPaddr::192.168.0.3/24/eth0:0
haresources
Security
Naxsi
● Developed by Thibault Koechlin
● Developed for Nginx
● Does not use signatures to detect and block attacks.
● Identifies arbitrary characters in HTTP requests.
● Scores arbitrary characters, like an antispam filter.
● Virtual Patching
# Naxsi WAF
include /etc/nginx/naxsi_core.rules;
nginx.conf
include /usr/local/etc/nginx/naxsi.rules;
error_page 500 http://acme;
error_page 403 http://acme;
error_page 404 http://acme;
# Naxsi learning mode: denied requests are redirected here
location /RequestDenied {
    return 500;
}
vhost
naxsi_rules
LearningMode; # Enables learning mode: matching requests are logged, not blocked
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
naxsi_rules
2013/11/26 08:24:09 [error] 661#0: *8362 NAXSI_FMT: ip=192.168.0.5&server=acme&uri=/&learning=1&total_processed=1843&total_blocked=184, client: 192.168.0.5, server: acme, request: "GET /?action=learn&paper=http://milw0rm.com/papers/173&type=SQLi'%20or%20(sleep(2)%2b1)%20limit%201%20--%20 HTTP/1.1", host: "acme", referrer: "http://acme:80/"
log
nx_util
$ nx_util -d acme -o
########### Optimized Rules Suggestion ##################
# total_count:28 (8.24%), peer_count:1 (100.0%) | ], possible js
BasicRule wl:1311 "mz:$ARGS_VAR:fltr[]|NAME";
# total_count:28 (8.24%), peer_count:1 (100.0%) | [, possible js
BasicRule wl:1310 "mz:$ARGS_VAR:fltr[]|NAME";
# total_count:28 (8.24%), peer_count:1 (100.0%) | html close tag
BasicRule wl:1303 "mz:$ARGS_VAR:fltr[]";
# total_count:28 (8.24%), peer_count:1 (100.0%) | ; in stuff
BasicRule wl:1008 "mz:$ARGS_VAR:fltr[]";
# total_count:28 (8.24%), peer_count:1 (100.0%) | mysql keyword (|)
BasicRule wl:1005 "mz:$ARGS_VAR:fltr[]";
# total_count:27 (7.94%), peer_count:1 (100.0%) | double dot
BasicRule wl:1202 "mz:$URL:/..Á..Á..Á..Á..Á..Á..Á..Á/etc/passwd|URL";
# total_count:1 (0.29%), peer_count:1 (100.0%) | 0x, possible hex encoding
BasicRule wl:1002 "mz:$URL:/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini|URL";
# total_count:1 (0.29%), peer_count:1 (100.0%) | 0x, possible hex encoding
BasicRule wl:1002 "mz:$URL:/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd|URL";
# total_count:1 (0.29%), peer_count:1 (100.0%) | obvious probe
BasicRule wl:1202 "mz:$URL:/.../.../.../.../.../.../.../.../etc/passwd|URL";
# total_count:1 (0.29%), peer_count:1 (100.0%) | obvious probe
BasicRule wl:1202 "mz:$URL:/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/etc/passwd|URL";
# total_count:1 (0.29%), peer_count:1 (100.0%) | obvious probe
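The two pieces above, the `CheckRule` thresholds in `naxsi_rules` and the `nx_util` whitelist suggestions derived from learning-mode logs, can be reproduced on a small scale to understand what each produces. The script below is an added example, not Naxsi or nx_util code: it parses `NAXSI_FMT` log lines, applies the slide's `CheckRule` thresholds to the per-counter scores, and emits `BasicRule wl:` lines for the rule/zone/variable triples that recur, with the hit and distinct-client counts nx_util reports as `total_count` and `peer_count`. The log lines in `SAMPLE_LOG` are constructed in `NAXSI_FMT` layout; their ids, scores and the `fltr[]` parameter mirror the shape of the slide's output rather than a real deployment.

```python
"""Parse NAXSI_FMT log lines, apply the CheckRule thresholds from naxsi_rules,
and suggest BasicRule whitelists for the rule/zone/variable triples that recur
in learning mode, which is the job nx_util does in the output above.

Added example, not Naxsi or nx_util code. The log lines below are constructed
in NAXSI_FMT layout: the ids, scores and parameter name are illustrative and
mirror the shape of the slide's output, not a real deployment.
"""
import re
from collections import Counter, defaultdict

# CheckRule thresholds from the slide's naxsi_rules: counter -> score that triggers BLOCK.
CHECK_RULES = {"$SQL": 8, "$RFI": 8, "$TRAVERSAL": 4, "$EVADE": 4, "$XSS": 8}

FMT_RE = re.compile(r"NAXSI_FMT: (?P<qs>.*?), client: ")
INDEXED_RE = re.compile(r"(cscore|score|zone|id|var_name)(\d+)")


def parse_event(line):
    """Turn one NAXSI_FMT line into a dict, or None if the line is not one.

    cscoreN/scoreN pairs are the per-counter totals for the request;
    zoneN/idN/var_nameN triples are the individual rule matches.
    """
    m = FMT_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("qs").split("&"))
    scores, matches = defaultdict(dict), defaultdict(dict)
    for key, value in fields.items():
        im = INDEXED_RE.fullmatch(key)
        if not im:
            continue
        kind, idx = im.group(1), int(im.group(2))
        (scores if kind in ("cscore", "score") else matches)[idx][kind] = value
    return {
        "ip": fields["ip"],
        "uri": fields["uri"],
        "learning": fields.get("learning") == "1",   # logged but not blocked
        "scores": {s["cscore"]: int(s["score"]) for s in scores.values()},
        "matches": [matches[i] for i in sorted(matches)],
    }


def decide(scores, check_rules=CHECK_RULES):
    """Apply the CheckRule lines: return the counters whose score reached the
    BLOCK threshold (an empty list means the request passes)."""
    return [c for c, threshold in check_rules.items() if scores.get(c, 0) >= threshold]


def match_zone(match, uri):
    """Render a match as a Naxsi whitelist match zone, e.g. $ARGS_VAR:q,
    $ARGS_VAR:q|NAME (hit in the parameter name) or $URL:/path|URL."""
    zone, _, suffix = match["zone"].partition("|")
    mz = f"$URL:{uri}|URL" if zone == "URL" else f"${zone}_VAR:{match.get('var_name', '')}"
    return mz + (f"|{suffix}" if suffix else "")


def suggest_whitelists(events, min_hits=2):
    """Count each (rule id, match zone) seen in learning mode across events and
    return (rule_line, hit_count, distinct_ips) for those seen min_hits+ times,
    most frequent first; review each one before adding it to naxsi_rules."""
    hits, peers = Counter(), defaultdict(set)
    for ev in events:
        if not ev["learning"]:
            continue
        for mt in ev["matches"]:
            key = (mt["id"], match_zone(mt, ev["uri"]))
            hits[key] += 1
            peers[key].add(ev["ip"])
    return [(f'BasicRule wl:{rid} "mz:{mz}";', n, len(peers[(rid, mz)]))
            for (rid, mz), n in hits.most_common() if n >= min_hits]


# Constructed NAXSI_FMT lines in the layout of the slide's log entry.
SAMPLE_LOG = """\
2013/11/26 08:24:09 [error] 661#0: *8362 NAXSI_FMT: ip=192.168.0.5&server=acme&uri=/&learning=1&vers=0.53&total_processed=1843&total_blocked=184&block=1&cscore0=$SQL&score0=16&cscore1=$XSS&score1=8&zone0=ARGS&id0=1001&var_name0=fltr[]&zone1=ARGS|NAME&id1=1310&var_name1=fltr[], client: 192.168.0.5, server: acme, request: "GET /?fltr[]=x HTTP/1.1", host: "acme"
2013/11/26 08:24:10 [error] 661#0: *8363 NAXSI_FMT: ip=192.168.0.7&server=acme&uri=/&learning=1&vers=0.53&total_processed=1844&total_blocked=185&block=1&cscore0=$SQL&score0=16&cscore1=$XSS&score1=8&zone0=ARGS&id0=1001&var_name0=fltr[]&zone1=ARGS|NAME&id1=1310&var_name1=fltr[], client: 192.168.0.7, server: acme, request: "GET /?fltr[]=y HTTP/1.1", host: "acme"
2013/11/26 08:24:11 [error] 661#0: *8364 NAXSI_FMT: ip=192.168.0.9&server=acme&uri=/etc/passwd&learning=1&vers=0.53&total_processed=1845&total_blocked=186&block=1&cscore0=$TRAVERSAL&score0=4&zone0=URL&id0=1202&var_name0=, client: 192.168.0.9, server: acme, request: "GET /../../etc/passwd HTTP/1.1", host: "acme"
"""


def analyze(log_text):
    """Parse every NAXSI_FMT line and return (events, whitelist suggestions)."""
    events = [ev for ev in map(parse_event, log_text.splitlines()) if ev]
    return events, suggest_whitelists(events)


if __name__ == "__main__":
    events, suggestions = analyze(SAMPLE_LOG)
    for ev in events:
        print(ev["ip"], ev["uri"], ev["scores"], "BLOCK on" if decide(ev["scores"]) else "pass",
              decide(ev["scores"]))
    for rule, total, peers in suggestions:
        print(f"# total_count:{total}, peer_count:{peers}")
        print(rule)
```

The `min_hits` floor and the peer count are the review signal: the `fltr[]` rules recur from several clients and look like the application's own parameter, whereas the single `/etc/passwd` traversal hit from one client is a probe that should never be whitelisted, which is the same distinction the comments in the nx_util output above draw.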
Next Steps
Whitelisting using data mining
Considerations
● Replication:
– Database
– Files
● Performance tuning
● Available bandwidth
● Avoid components that can become a bottleneck
● Monitoring
– Munin
– Zabbix
Links
✔ Nginx - http://nginx.org/
✔ Naxsi - https://github.com/nbs-system/naxsi/
✔ Heartbeat - http://linux-ha.org/wiki/Heartbeat
✔ Munin - http://munin-monitoring.org/
✔ Zabbix - http://www.zabbix.com/
✔ Alexos Core Labs - http://alexos.org
Alexandro Silva
alexos@alexos.org
http://alexos.org
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Open Source Technologies for High Availability and Security of Web Applications

  • 27. Upstream with session affinity (ip_hash):
    upstream acme {
        ip_hash;
        server 192.168.0.2;
        server 192.168.0.3;
        server 192.168.0.4;
    }
    vhost
  • 28. Weighted backends:
    upstream acme {
        ip_hash;
        server 192.168.0.2 weight=1;
        server 192.168.0.3 weight=2;
        server 192.168.0.4 weight=3;
    }
    vhost
  • 29. Failure handling (max_fails/fail_timeout) and a backend marked down:
    upstream acme {
        ip_hash;
        server 192.168.0.2 max_fails=3 fail_timeout=30s;
        server 192.168.0.3;
        server 192.168.0.4 down;
        server 192.168.0.5;
    }
    vhost
  • 33. Heartbeat configuration:
    logfile /var/log/ha-log
    keepalive 1
    deadtime 5
    udpport 694
    ucast eth0 192.168.0.1
    auto_failback on
    node wafmaster
    node wafbackup
    ha.conf
  • 38. ● Developed by Thibault Koechlin ● Built for Nginx ● Does not use signatures to detect and block attacks ● Identifies arbitrary characters in HTTP requests ● Scores those arbitrary characters, the way an anti-spam filter does ● Virtual patching
  • 39.
    # Naxsi WAF
    include /etc/nginx/naxsi_core.rules;
    nginx.conf
  • 40.
    include /usr/local/etc/nginx/naxsi.rules;
    error_page 500 http://acme;
    error_page 403 http://acme;
    error_page 404 http://acme;
    #Naxsi Learning Mode
    location /RequestDenied {
        return 500;
    }
    vhost
  • 42.
    LearningMode; #Enables learning mode
    SecRulesEnabled;
    #SecRulesDisabled;
    DeniedUrl "/RequestDenied";
    ## check rules
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    naxsi_rules
  • 43.
    2013/11/26 08:24:09 [error] 661#0: *8362 NAXSI_FMT: ip=192.168.0.5&server=acme&uri=/&learning=1&total_processed=1843&total_blocked=184, client: 192.168.0.5, server: acme, request: "GET /?action=learn&paper=http://milw0rm.com/papers/173&type=SQLi'%20or%20(sleep(2)%2b1)%20limit%201%20--%20 HTTP/1.1", host: "acme", referrer: "http://acme:80/"
    log
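To make the scoring model of slides 38 and 42 and the NAXSI_FMT log entry of slide 43 concrete, here is an added example (not naxsi's own code and not from the talk): it parses the slide's log line, then applies a small constructed set of scoring rules and the slide's CheckRule thresholds to the request it contains. The rule patterns and their point values are assumptions for illustration; only the thresholds and the log line come from the slides.

```python
import re
from urllib.parse import parse_qsl, urlsplit
# Constructed NAXSI_FMT line: the slide's log entry with its wrapping removed.
LOG_LINE = (
    '2013/11/26 08:24:09 [error] 661#0: *8362 NAXSI_FMT: '
    'ip=192.168.0.5&server=acme&uri=/&learning=1&total_processed=1843'
    '&total_blocked=184, client: 192.168.0.5, server: acme, request: '
    '"GET /?action=learn&paper=http://milw0rm.com/papers/173&type=SQLi\'%20or%20'
    '(sleep(2)%2b1)%20limit%201%20--%20 HTTP/1.1", host: "acme", referrer: "http://acme:80/"')

LOG_RE = re.compile(r'NAXSI_FMT: (?P<fmt>[^,]+), .*request: "(?P<method>\S+) (?P<uri>\S+) HTTP/')

def parse_naxsi_log(line):
    """Return the NAXSI_FMT key=value fields plus method/request_uri, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = dict(parse_qsl(m.group("fmt")))
    fields["method"], fields["request_uri"] = m.group("method"), m.group("uri")
    return fields

# Constructed, simplified scoring rules in the spirit of naxsi's core rules: a
# pattern found in a query-string value adds points to the named scores. Real
# naxsi rules carry ids, match zones and far more patterns; these are illustrative.
RULES = [
    (re.compile(r"'"),         {"$SQL": 4, "$XSS": 8}),   # single quote
    (re.compile(r"--"),        {"$SQL": 4}),              # SQL comment
    (re.compile(r"\("),        {"$SQL": 4, "$XSS": 8}),   # parenthesis
    (re.compile(r"https?://"), {"$RFI": 8}),              # remote URL in a value
    (re.compile(r"\.\./"),     {"$TRAVERSAL": 4}),        # directory traversal
    (re.compile(r"[<>]"),      {"$XSS": 8}),              # html tag characters
]
# CheckRule thresholds exactly as on the naxsi_rules slide.
CHECK_RULES = {"$SQL": 8, "$RFI": 8, "$TRAVERSAL": 4, "$EVADE": 4, "$XSS": 8}
def score_request(uri):
    """Sum the points of every rule that matches each query value (once per rule per value)."""
    totals = dict.fromkeys(CHECK_RULES, 0)
    for _name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        for pattern, scores in RULES:
            if pattern.search(value):
                for score_name, points in scores.items():
                    totals[score_name] += points
    return totals

def decide(uri, learning=False):
    """Apply the CheckRule thresholds; with LearningMode a hit is only logged, not denied."""
    totals = score_request(uri)
    hits = [n for n, limit in CHECK_RULES.items() if totals[n] >= limit]
    return ("PASS" if not hits else "LEARN" if learning else "BLOCK"), hits
```

Note that the slide's entry carries learning=1, so the request was recorded (184 of 1843 so far) rather than sent to DeniedUrl; the same request is a BLOCK once learning is switched off.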
  • 45. $ nx_util -d acme -o
    ########### Optimized Rules Suggestion ##################
    # total_count:28 (8.24%), peer_count:1 (100.0%) | ], possible js
    BasicRule wl:1311 "mz:$ARGS_VAR:fltr[]|NAME";
    # total_count:28 (8.24%), peer_count:1 (100.0%) | [, possible js
    BasicRule wl:1310 "mz:$ARGS_VAR:fltr[]|NAME";
    # total_count:28 (8.24%), peer_count:1 (100.0%) | html close tag
    BasicRule wl:1303 "mz:$ARGS_VAR:fltr[]";
    # total_count:28 (8.24%), peer_count:1 (100.0%) | ; in stuff
    BasicRule wl:1008 "mz:$ARGS_VAR:fltr[]";
    # total_count:28 (8.24%), peer_count:1 (100.0%) | mysql keyword (|)
    BasicRule wl:1005 "mz:$ARGS_VAR:fltr[]";
    # total_count:27 (7.94%), peer_count:1 (100.0%) | double dot
    BasicRule wl:1202 "mz:$URL:/..Á..Á..Á..Á..Á..Á..Á..Á/etc/passwd|URL";
    # total_count:1 (0.29%), peer_count:1 (100.0%) | 0x, possible hex encoding
    BasicRule wl:1002 "mz:$URL:/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini|URL";
    # total_count:1 (0.29%), peer_count:1 (100.0%) | 0x, possible hex encoding
    BasicRule wl:1002 "mz:$URL:/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd|URL";
    # total_count:1 (0.29%), peer_count:1 (100.0%) | obvious probe
    BasicRule wl:1202 "mz:$URL:/.../.../.../.../.../.../.../.../etc/passwd|URL";
    # total_count:1 (0.29%), peer_count:1 (100.0%) | obvious probe
    BasicRule wl:1202 "mz:$URL:/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/etc/passwd|URL";
    # total_count:1 (0.29%), peer_count:1 (100.0%) | obvious probe
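nx_util suggests a whitelist for everything it saw in learning mode, including the traversal probes the output itself labels "obvious probe", so the suggestions need review before they go into naxsi.rules. The following added example (not part of nx_util or the talk) parses BasicRule wl: lines in the format shown on the slide and keeps only exemptions that name a parameter or URL the application actually has; the sample output and the known-parameter sets are constructed for illustration.

```python
import re

# Constructed sample of nx_util's "Optimized Rules Suggestion" output, shortened
# from the slide; the rule ids and descriptions are the ones shown there.
NX_UTIL_OUTPUT = """\
# total_count:28 (8.24%), peer_count:1 (100.0%) | ], possible js
BasicRule wl:1311 "mz:$ARGS_VAR:fltr[]|NAME";
# total_count:28 (8.24%), peer_count:1 (100.0%) | html close tag
BasicRule wl:1303 "mz:$ARGS_VAR:fltr[]";
# total_count:27 (7.94%), peer_count:1 (100.0%) | double dot
BasicRule wl:1202 "mz:$URL:/.../.../.../.../.../.../.../.../etc/passwd|URL";
"""

# wl:<id> is the rule being exempted; mz:$ZONE:<target> says where; a trailing
# |NAME (or |URL) means the exemption applies to the variable name (or the URL)
# rather than to the submitted value.
WL_RE = re.compile(
    r'^BasicRule\s+wl:(?P<id>\d+)\s+"mz:\$(?P<zone>[A-Z_]+):(?P<target>[^|"]+)'
    r'(?P<suffix>\|NAME|\|URL)?";')

def parse_whitelists(text):
    """Return one dict per BasicRule wl: line, keeping nx_util's description."""
    why, out = "", []
    for line in text.splitlines():
        if line.startswith("#"):
            why = line.split("|", 1)[-1].strip()   # description after the counters
            continue
        m = WL_RE.match(line)
        if m:
            out.append({"id": int(m.group("id")), "zone": m.group("zone"),
                        "target": m.group("target"),
                        "suffix": m.group("suffix") or "", "why": why})
    return out

def review(whitelists, known_args, known_urls):
    """Accept only exemptions for parameters/URLs the application really serves;
    a suggestion generated by a probe (here a traversal to /etc/passwd) is rejected."""
    accepted, rejected = [], []
    for wl in whitelists:
        ok = (wl["zone"] == "ARGS_VAR" and wl["target"] in known_args) or \
             (wl["zone"] == "URL" and wl["target"] in known_urls)
        (accepted if ok else rejected).append(wl)
    return accepted, rejected
```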
  • 50. Considerations ● Replication: – Database – Files ● Performance tuning ● Available bandwidth ● Avoid components that can become a bottleneck ● Monitoring – Munin – Zabbix
  • 51. Links ✔ Nginx - http://nginx.org/ ✔ Naxsi - https://github.com/nbs-system/naxsi/ ✔ Heartbeat - http://linux-ha.org/wiki/Heartbeat ✔ Munin - http://munin-monitoring.org/ ✔ Zabbix - http://www.zabbix.com/ ✔ Alexos Core Labs - http://alexos.org