Code review and security audit in private cloud - Arief Karfianto
Published in: Technology

Slide 1: Code Review and Security Audit in Private Cloud
@karfianto, UKP4

Slide 2: About Me
• UPN alumnus
• civil servant
• sysadmin
• system analyst
• app tester

Slide 3: Things I Like
• foss
• website optimization
• system security
• wireframing

Slide 4: Managed Projects
data.id

Slide 5: Problems in App Development
• design
• functionality test
• security test
• maintenance

Slide 6: Problem: Maintenance
From: sysadmin
Hi Developers, There’s a bug in your app
From: postmaster
Error: User not found dude@expert.com

Slide 7: Security Test
• Blackbox
• Greybox
• Whitebox (Code Review)

Slide 8: Problem: Access to Source Code
From: Developers
Hi sysadmin, We found some bugs in the app, we will patch soon
From: Sysadmin
Hi developer, Username: root Password: 123456

Slide 9: Problem: No Changes History
From: Developers
Hi sysadmin, We found some bugs in the app, we will patch soon
From: Sysadmin
Hi developer, Please send me the changed php files..

Slide 10: 500 Internal Server Error
From: Sysadmin
Hi developer, There’s another error after patching. Please roll them back ..!!

Slide 11: Let’s Make Our Job Easier
• Create source code repository
• Use versioning
• Control user access to the code
• No access to production servers

Slide 12: Free Source Code Hosting

Slide 13: Make It Private
• security
• availability
• policy compliance (e.g. ISO 27001)

Slide 14: ...and Flexible Using Cloud Infrastructure
• Flexible Resource
• Cloning
• High Availability
• Snapshot and Restore

Slide 15: Model

Slide 16: How These Things Work
• VPN Tunneling

Slide 17: Related Tools
• Git: a version control system
• Gitweb: the git web interface
• Gitosis: repository access control
• VPN & SSH: tunneled access

Slide 18: Creating a Repository
    root@revision-control ~# ./addrepo.sh
    Please enter repository name and description
    Name :sample-app2
    Description :Sample application 2.0
    Creating a repository...
    Initialized empty Git repository in /srv/repos/git/sample-app2/.git/
    # On branch master
    #
    # Initial commit
    #
    nothing to commit (create/copy files and use "git add" to track)
    Cloning into bare repository repositories/sample-app2.git...
    done.
    warning: You appear to have cloned an empty repository.
    [Done]

Slide 19: Gitosis Config
Copy the public key to server
Then edit gitosis.conf..
    [group sample-app2]
    writable = sample-app2
    members = intruder@LENOVOY460 John@Doe.PC
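The slide above grants every member write access. As an added example (not the deck's own config), here is a gitosis.conf that applies the "control user access to the code" point with least privilege: developers of sample-app2 can push, a separate reviewer group gets read-only access for the whitebox code review, and the repository is shown in Gitweb but not exported over the anonymous git daemon. The group, member and host names are made up; each member name must match a public key file keydir/<member>.pub copied to the server as described on the slide.

```ini
# Constructed example gitosis.conf (not the deck's own config).
# gitosis applies this file after it is pushed to the gitosis-admin repo.

[gitosis]
# Defaults for all repositories: no gitweb listing, no git:// export
gitweb = no
daemon = no

[group gitosis-admin]
# Only the admin key may change access rules
writable = gitosis-admin
members = admin@revision-control

[group sample-app2-dev]
# Developers may push to the repository; they still get no login
# on production servers, which are deployed by the sysadmin
writable = sample-app2
members = alice@dev-laptop bob@dev-laptop

[group sample-app2-review]
# Security reviewers can clone and audit, but cannot push
readonly = sample-app2
members = reviewer@audit-box

[repo sample-app2]
description = Sample application 2.0
owner = admin@revision-control
# Listed in Gitweb for review, still not exported over git://
gitweb = yes
daemon = no
```

A key that is not listed in any group gets no access at all, so a departed developer is removed by deleting the key file and the member entry, then pushing the admin repository.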
Slide 20: Clone and Review

Slide 21: Thank You