Security of realtime Systems; old attacks, new tools

node.js, socket.io, express and other technologies are simply awesome for the real time web. They are enabling front end JavaScript developers to take their skills to the server. This does not come without a price. Adam will discuss his experiences and thoughts on securing real time systems built on some of these technologies. The talk hopes to promote positive discussion, not finger pointing, on how we as a community can avoid the pitfalls of the past and make the realtime web a safer place.

Adam is the co-founder of nGenuity where he focuses on helping developers ship secure code.

Published in: Technology, Economy & Finance
    1. Old Problems, New Tools / Keeping It Realtime // 2011 // Adam Baldwin
    2. Hi. I'm Adam
    3. (image slide, no text)
    4. Introduction: Co-Founder of nGenuity, Penetration Tester, evilpacket.net
    5. (image slide, no text)
    6. State of Things
    7. Secure Defaults
    8. "A security lesson: instead of action and safe_action, your API should be action and unsafe_action. Safe should be the default." / via @jezdez
    9. Better Examples (docs that don't suck)
    10. Socket.io
    11. Set Origins by Default / Log Warnings / Better Examples
    12. Express, et al
    13. CSRF Protection by Default / Better Examples, Improved Boilerplate / Anti-Evil Headers™ on by Default
    14. Magical headers are magical. X-FRAME-OPTIONS, Content Security Policy (CSP)
    15. Jade, et al
    16. & < > ' "
    17. If you fell asleep;
        - Set socket.io origins
        - Properly authorize sockets
        - Use CSRF tokens
        - Contextual output encoding
        - Do all this by default
        - Write better docs
    18. (image slide, no text)
    19. Questions? adam@ngenuity-is.com // @adam_baldwin
