Web Application Security: From reactive to proactive
Eugenij Safonov, WebOps Engineer / Scrum Master / Kainos Smart
18 May 2016
Atmosphere 2016 - Eugenij Safanov - Web Application Security: from reactive to proactive
Security on the Web is gaining more and more attention from both sides of the fence these days. Intruders become more skillful and better equipped, and enterprises try their best to stay at least one step ahead. Both sides craft more sophisticated and powerful tools in an endless arms race. How do you keep up without overwhelming yourself?

Here in Kainos Smart we believe we've got an answer.

This talk is both a reminder of some of the basic principles of Web application security and best practices, and a tale of our journey to becoming SOC2 certified. The main focus is how to adapt to massive changes from a WebOps perspective.



1. Web Application Security: From reactive to proactive. Eugenij Safonov, WebOps Engineer / Scrum Master / Kainos Smart. 18 May 2016

2. Health

3. InfoSec (Information Security)
   Price_daily = (Risk_yearly × Cost_breach) / 365

4. InfoSec: the CIA triad
   Confidentiality
   ● Access Control Systems
   ● Encryption
   ● Obscurity
   Integrity
   ● Access Logs
   ● Hashing
   Availability
   ● Fault-tolerance
   ● Redundancy
   ● Disaster recovery

5. Best practices
   Obscurity
   ● SSH ports
   ● Random usernames
   ● Non-default settings
   Layering
   ● MFA
   ● Network → TrueCrypt → SSH Key → OTP → sudo pass
   Least privilege
   ● Deny by default
   ● Disable root
   ● Named accounts
   Separation of duties
   ● Code reviews
   ● Deployment approvals
   ● Operations audit

6. Security habit loop
   Learn → Communicate → Celebrate → Probe → Automate (and around again)

7. Habit
   ● Three 'R's of habit formation
   ● Support group
   ● Start small
   Security basics
   ● CIA Triad
   ● Best Practices
   Compromise
   ● Security vs Usability
   Conclusion: Be healthy. Be secure.
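Slide 5 turns three of the talk's principles into concrete SSH settings: least privilege (disable root, deny by default, named accounts), layering (SSH key → OTP rather than a bare password) and obscurity (a non-default port). The check below is an added example, not part of the talk or of Kainos Smart's tooling: a POSIX shell audit that reads an sshd_config and reports every setting that departs from those practices. The OpenSSH directive names are real; the two configuration files are constructed samples, and the lookup deliberately ignores Match blocks to stay short.

```shell
#!/bin/sh
# Added example: audit sshd_config against the "Best practices" slide.
# Least privilege (PermitRootLogin no, AllowUsers/AllowGroups), layering
# (no password-only logins) and obscurity (non-default Port).

# sshd_value FILE DIRECTIVE DEFAULT
# sshd honours the first occurrence of a directive, so take the first
# uncommented match; print DEFAULT when the directive is absent.
# Simplification: Match blocks are not evaluated.
sshd_value() {
    _file="$1"; _key="$2"; _default="$3"
    _val=$(awk -v k="$_key" 'tolower($1)==tolower(k) {print $2; exit}' "$_file")
    printf '%s\n' "${_val:-$_default}"
}

# check_sshd_config FILE
# Prints one finding per weak setting; exit status is the number of findings.
check_sshd_config() {
    _f="$1"; _n=0

    # Least privilege: "disable root". OpenSSH defaults to prohibit-password,
    # which still allows root with a key; the slide wants root off entirely.
    if [ "$(sshd_value "$_f" PermitRootLogin prohibit-password)" != "no" ]; then
        echo "PermitRootLogin is not 'no' (disable root)"; _n=$((_n + 1))
    fi

    # Layering: SSH key -> OTP. Password logins bypass the key layer.
    if [ "$(sshd_value "$_f" PasswordAuthentication yes)" != "no" ]; then
        echo "PasswordAuthentication is not 'no' (layer SSH key + OTP instead)"; _n=$((_n + 1))
    fi

    # Deny by default: without an allow list every local account may log in.
    if [ -z "$(sshd_value "$_f" AllowUsers '')" ] && [ -z "$(sshd_value "$_f" AllowGroups '')" ]; then
        echo "No AllowUsers/AllowGroups (deny by default, named accounts)"; _n=$((_n + 1))
    fi

    # Obscurity: a non-default port cuts scanner noise; it is a layer, not a control.
    if [ "$(sshd_value "$_f" Port 22)" = "22" ]; then
        echo "Port is 22 (non-default settings)"; _n=$((_n + 1))
    fi

    return "$_n"
}

# Constructed samples: a stock-looking config and one hardened per the slide.
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT

cat >"$WEAK_CFG" <<'EOF'
# constructed sample: defaults left in place
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
EOF

cat >"$HARD_CFG" <<'EOF'
# constructed sample: hardened per the talk's best-practices slide
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
AllowUsers alice bob
EOF

echo "== weak config =="
check_sshd_config "$WEAK_CFG" || echo "$? finding(s)"
echo "== hardened config =="
check_sshd_config "$HARD_CFG" && echo "no findings"
```

The exit status doubles as a finding count so the function drops straight into a CI step or a configuration-audit cron job; the hardened sample also shows the "SSH Key → OTP" layer from the slide expressed as `AuthenticationMethods publickey,keyboard-interactive`, which the check does not grade, since the PAM side of the OTP setup lives outside sshd_config.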
