SlideShare a Scribd company logo

Developers Focus on Security-Minded Tooling - Quintis Venter

Thoughtworks
Thoughtworks

The document discusses security best practices for developers, including server hardening techniques like encrypting communications, keeping software updated, using strong passwords, and minimizing open ports. It also recommends security-minded tooling like Linux security modules (SELinux, AppArmor), encryption tools for source code repositories (Blackbox), two-factor authentication (TOTP), and open identity standards (OpenID Connect). The parting thought is that security is a process rather than a single product.

Technology
1 of 19
Download to read offline
DEVELOPERS FOCUS ON SECURITY-MINDED TOOLING Q u i n t i s Ve n t e r | @ c u e v e e
DATA  LEAKS  AND  BREACHES:   A  YEAR  TO  REMEMBER  
3  
COST  TO  BUSINESS   4  
SECURITY-­‐MINDED?   YOU  MUST  HAVE  ME  CONFUSED  WITH  THE  SYS  ADMIN  
WHOSE  RESPONSIBILITY  IS  IT?   6  
CULTURE   7  
SERVER  HARDENING   8   •  Use Data Encryption for your Communications •  Avoid using insecure protocols that send your information or passwords in plain text. •  Minimize unnecessary software on your servers. •  Disable Unwanted SUID and SGID Binaries •  Keep your operating system up to date, especially security patches. •  Using security extensions is a plus. •  When using Linux, SELinux should be considered. Linux server hardening is a primary focus for the web hosting industry, however in web hosting SELinux is probably not a good option as it often causes issues when the server is used for web hosting purposes. •  User Accounts should have very strong passwords •  Change passwords on a regular basis and do not reuse them •  Lock accounts after too many login failures. Often these login failures are illegitimate attempts to gain access to your system.
SERVER  HARDENING   9   •  Do not permit empty passwords. •  SSH Hardening •  Change the port from default to a non standard one •  Disable direct root logins. Switch to root from a lower level account only when necessary. •  Unnecessary services should be disabled. Disable all instances of IRC - BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink. •  Securing /tmp /var/tmp /dev/shm •  Hide BIND DNS Sever Version and Apache version •  Hardening sysctl.conf •  Server hardenining by installing Root Kit Hunter and ChrootKit hunter. •  Minimize open network ports to be only what is needed for your specific circumstances. •  Configure the system firewall (Iptables) or get a software installed like CSF or APF. Proper setup of a firewall itself can prevent many attacks.
SERVER  HARDENING   10   •  Consider also using a hardware firewall •  Separate partitions in ways that make your system more secure. •  Disable unwanted binaries •  Maintain server logs; mirror logs to a separate log server •  Install Logwatch and review logwatch emails daily. Investigate any suspicious activity on your server. •  Use brute force and intrusion detection systems •  Install Linux Socket Monitor - Detects/alerts when new sockets are created on your system, often revealing hacker activity •  Install Mod_security as Webserver Hardening •  Hardening the Php installation •  Limit user accounts to accessing only what they need. Increased access should only be on an as-needed basis. •  Maintain proper backups •  Don't forget about physical server security
SECURITY-­‐MINDED  TOOLING   11  
LINUX  SECURITY  MODULES   12   SELinux AppArmor Smackgrsecurity
BLACKBOX   13   Encrypting files at rest in your repo For git, hg, svn
14   Collaboration
TOTP:  TIME-­‐BASED  OTP   15   Cornerstone of OAUTH Two-factor authentication
OPENID  CONNECT   16   Simple identity layer on top of OAUTH 2.0
PARTING  THOUGHT   17   Security is a process, not a product
MORE  INFO  &  QUESTIONS   18   https://github.com/StackExchange/blackbox http://en.wikipedia.org/wiki/Time-based_One- time_Password_Algorithm http://openid.net/connect/
THANK  YOU   For questions or suggestions: Quintis Venter | @cuevee

Recommended

Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
MehtabRohela
 
Cisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric VanderburgCisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric Vanderburg
Eric Vanderburg
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
Bryley Systems Inc.
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
Pranav Gontalwar
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
devidas shinde
 
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
MehtabRohela
 
nessus
nessusnessus
nessus
Muhammad Yasin
 

Recommended

Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
MehtabRohela
 
Cisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric VanderburgCisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric Vanderburg
Eric Vanderburg
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
Bryley Systems Inc.
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
Pranav Gontalwar
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
devidas shinde
 
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
MehtabRohela
 
nessus
nessusnessus
nessus
Muhammad Yasin
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
edavid2685
 
Firewall
FirewallFirewall
Firewall
Mohanasundaram Nattudurai
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
Romansh Yadav
 
Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?
DevOps.com
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
Megha Sahu
 
Mod security
Mod securityMod security
Mod security
Shruthi Kamath
 
Protect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS ProtectionProtect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS Protection
Imperva Incapsula
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Imperva Incapsula
 
Migrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to KnowMigrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to Know
Imperva Incapsula
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
Ixia
 
Lession 8
Lession 8Lession 8
Lession 8
Vietfreelancer Expert
 
Windows server hardening 1
Windows server hardening 1Windows server hardening 1
Windows server hardening 1
Frank Avila Zapata
 
Firewall intro
Firewall introFirewall intro
Firewall introamar_panchal
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShell
kieranjacobsen
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
Imperva Incapsula
 
Cci Welcome
Cci WelcomeCci Welcome
Cci Welcome
SoftLayer Technologies
 
Web Server Hardening
Web Server HardeningWeb Server Hardening
Web Server Hardening
n|u - The Open Security Community
 
Activity stream - How to feed the Beast
Activity stream - How to feed the BeastActivity stream - How to feed the Beast
Activity stream - How to feed the Beast
Andreas Artner
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
Imperva Incapsula
 
Learnings from Mobile Application Testing
Learnings from Mobile Application TestingLearnings from Mobile Application Testing
Learnings from Mobile Application Testing
Thoughtworks
 
Mobile - More than just an app
Mobile - More than just an appMobile - More than just an app
Mobile - More than just an app
Thoughtworks
 

More Related Content

What's hot

System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
edavid2685
 
Firewall
FirewallFirewall
Firewall
Mohanasundaram Nattudurai
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
Romansh Yadav
 
Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?
DevOps.com
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
Megha Sahu
 
Mod security
Mod securityMod security
Mod security
Shruthi Kamath
 
Protect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS ProtectionProtect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS Protection
Imperva Incapsula
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Imperva Incapsula
 
Migrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to KnowMigrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to Know
Imperva Incapsula
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
Ixia
 
Windows server hardening 1
Windows server hardening 1Windows server hardening 1
Windows server hardening 1
Frank Avila Zapata
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShell
kieranjacobsen
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
Imperva Incapsula
 
Cci Welcome
Cci WelcomeCci Welcome
Cci Welcome
SoftLayer Technologies
 
Web Server Hardening
Web Server HardeningWeb Server Hardening
Web Server Hardening
n|u - The Open Security Community
 
Activity stream - How to feed the Beast
Activity stream - How to feed the BeastActivity stream - How to feed the Beast
Activity stream - How to feed the Beast
Andreas Artner
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
Imperva Incapsula
 

What's hot (20)

System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
Firewall
FirewallFirewall
Firewall
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
 
Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 
Mod security
Mod securityMod security
Mod security
 
Protect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS ProtectionProtect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS Protection
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
 
Migrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to KnowMigrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to Know
 
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
 
Lession 8
Lession 8Lession 8
Lession 8
 
Windows server hardening 1
Windows server hardening 1Windows server hardening 1
Windows server hardening 1
 
Firewall intro
Firewall introFirewall intro
Firewall intro
 
Lateral Movement with PowerShell
Lateral Movement with PowerShellLateral Movement with PowerShell
Lateral Movement with PowerShell
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
 
Cci Welcome
Cci WelcomeCci Welcome
Cci Welcome
 
Web Server Hardening
Web Server HardeningWeb Server Hardening
Web Server Hardening
 
Activity stream - How to feed the Beast
Activity stream - How to feed the BeastActivity stream - How to feed the Beast
Activity stream - How to feed the Beast
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
 

Viewers also liked

Learnings from Mobile Application Testing
Learnings from Mobile Application TestingLearnings from Mobile Application Testing
Learnings from Mobile Application Testing
Thoughtworks
 
Mobile - More than just an app
Mobile - More than just an appMobile - More than just an app
Mobile - More than just an app
Thoughtworks
 
Distributed agile testing for enterprises
Distributed agile testing for enterprisesDistributed agile testing for enterprises
Distributed agile testing for enterprises
Thoughtworks
 
How do you accelerate your enterprise agility?
How do you accelerate your enterprise agility?How do you accelerate your enterprise agility?
How do you accelerate your enterprise agility?
Thoughtworks
 
Cafe agil em Recife - Agile and Design
Cafe agil em Recife - Agile and DesignCafe agil em Recife - Agile and Design
Cafe agil em Recife - Agile and DesignThoughtworks
 
Automating the Polymer Way
Automating the Polymer WayAutomating the Polymer Way
Automating the Polymer Way
Thoughtworks
 
What can possibly get from the 11.11 - 2014ThoughtWorks Live China
What can possibly get from the 11.11 - 2014ThoughtWorks Live ChinaWhat can possibly get from the 11.11 - 2014ThoughtWorks Live China
What can possibly get from the 11.11 - 2014ThoughtWorks Live China
Thoughtworks
 

Viewers also liked (7)

Learnings from Mobile Application Testing
Learnings from Mobile Application TestingLearnings from Mobile Application Testing
Learnings from Mobile Application Testing
 
Mobile - More than just an app
Mobile - More than just an appMobile - More than just an app
Mobile - More than just an app
 
Distributed agile testing for enterprises
Distributed agile testing for enterprisesDistributed agile testing for enterprises
Distributed agile testing for enterprises
 
How do you accelerate your enterprise agility?
How do you accelerate your enterprise agility?How do you accelerate your enterprise agility?
How do you accelerate your enterprise agility?
 
Cafe agil em Recife - Agile and Design
Cafe agil em Recife - Agile and DesignCafe agil em Recife - Agile and Design
Cafe agil em Recife - Agile and Design
 
Automating the Polymer Way
Automating the Polymer WayAutomating the Polymer Way
Automating the Polymer Way
 
What can possibly get from the 11.11 - 2014ThoughtWorks Live China
What can possibly get from the 11.11 - 2014ThoughtWorks Live ChinaWhat can possibly get from the 11.11 - 2014ThoughtWorks Live China
What can possibly get from the 11.11 - 2014ThoughtWorks Live China
 

Similar to Developers Focus on Security-Minded Tooling - Quintis Venter

Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
Chapter08
Chapter08Chapter08
Chapter08
Muhammad Ahad
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hackingDesmond Devendran
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
Waqas Ahmed Nawaz
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
ThangDang53
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Andrejs Prokopjevs
 
Systems administration for coders presentation
Systems administration for coders presentationSystems administration for coders presentation
Systems administration for coders presentation
Matt Willsher
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the application
Matthew Saltzman
 
OWASP Top 10 2017
OWASP Top 10 2017OWASP Top 10 2017
OWASP Top 10 2017
Siddharth Phatarphod
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
Sam Bowne
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
Dhruv Sharma
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
Volodymyr Shynkar
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
ibrahimumer2
 
12-Factor Apps
12-Factor Apps12-Factor Apps
12-Factor Apps
Siva Rama Krishna Chunduru
 
How To Protect Your Network with Firewall Security?
How To Protect Your Network with Firewall Security?How To Protect Your Network with Firewall Security?
How To Protect Your Network with Firewall Security?
IT AMC Support Dubai - Techno Edge Systems LLC
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Sam Bowne
 
linux - Google Docs.pdf
linux - Google Docs.pdflinux - Google Docs.pdf
linux - Google Docs.pdf
AkankshaSingh702
 

Similar to Developers Focus on Security-Minded Tooling - Quintis Venter (20)

Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
 
Chapter08
Chapter08Chapter08
Chapter08
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
 
Systems administration for coders presentation
Systems administration for coders presentationSystems administration for coders presentation
Systems administration for coders presentation
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the application
 
OWASP Top 10 2017
OWASP Top 10 2017OWASP Top 10 2017
OWASP Top 10 2017
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
 
12-Factor Apps
12-Factor Apps12-Factor Apps
12-Factor Apps
 
How To Protect Your Network with Firewall Security?
How To Protect Your Network with Firewall Security?How To Protect Your Network with Firewall Security?
How To Protect Your Network with Firewall Security?
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
 
linux - Google Docs.pdf
linux - Google Docs.pdflinux - Google Docs.pdf
linux - Google Docs.pdf
 

More from Thoughtworks

Design System as a Product
Design System as a ProductDesign System as a Product
Design System as a Product
Thoughtworks
 
Designers, Developers & Dogs
Designers, Developers & DogsDesigners, Developers & Dogs
Designers, Developers & Dogs
Thoughtworks
 
Cloud-first for fast innovation
Cloud-first for fast innovationCloud-first for fast innovation
Cloud-first for fast innovation
Thoughtworks
 
More impact with flexible teams
More impact with flexible teamsMore impact with flexible teams
More impact with flexible teams
Thoughtworks
 
Culture of Innovation
Culture of InnovationCulture of Innovation
Culture of Innovation
Thoughtworks
 
Dual-Track Agile
Dual-Track AgileDual-Track Agile
Dual-Track Agile
Thoughtworks
 
Developer Experience
Developer ExperienceDeveloper Experience
Developer Experience
Thoughtworks
 
When we design together
When we design togetherWhen we design together
When we design together
Thoughtworks
 
Hardware is hard(er)
Hardware is hard(er)Hardware is hard(er)
Hardware is hard(er)
Thoughtworks
 
Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud
Thoughtworks
 
Amazon's Culture of Innovation
Amazon's Culture of InnovationAmazon's Culture of Innovation
Amazon's Culture of Innovation
Thoughtworks
 
When in doubt, go live
When in doubt, go liveWhen in doubt, go live
When in doubt, go live
Thoughtworks
 
Don't cross the Rubicon
Don't cross the RubiconDon't cross the Rubicon
Don't cross the Rubicon
Thoughtworks
 
Error handling
Error handlingError handling
Error handling
Thoughtworks
 
Your test coverage is a lie!
Your test coverage is a lie!Your test coverage is a lie!
Your test coverage is a lie!
Thoughtworks
 
Docker container security
Docker container securityDocker container security
Docker container security
Thoughtworks
 
Redefining the unit
Redefining the unitRedefining the unit
Redefining the unit
Thoughtworks
 
Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22
Thoughtworks
 
A Tribute to Turing
A Tribute to TuringA Tribute to Turing
A Tribute to Turing
Thoughtworks
 
Rsa maths worked out
Rsa maths worked outRsa maths worked out
Rsa maths worked out
Thoughtworks
 

More from Thoughtworks (20)

Design System as a Product
Design System as a ProductDesign System as a Product
Design System as a Product
 
Designers, Developers & Dogs
Designers, Developers & DogsDesigners, Developers & Dogs
Designers, Developers & Dogs
 
Cloud-first for fast innovation
Cloud-first for fast innovationCloud-first for fast innovation
Cloud-first for fast innovation
 
More impact with flexible teams
More impact with flexible teamsMore impact with flexible teams
More impact with flexible teams
 
Culture of Innovation
Culture of InnovationCulture of Innovation
Culture of Innovation
 
Dual-Track Agile
Dual-Track AgileDual-Track Agile
Dual-Track Agile
 
Developer Experience
Developer ExperienceDeveloper Experience
Developer Experience
 
When we design together
When we design togetherWhen we design together
When we design together
 
Hardware is hard(er)
Hardware is hard(er)Hardware is hard(er)
Hardware is hard(er)
 
Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud
 
Amazon's Culture of Innovation
Amazon's Culture of InnovationAmazon's Culture of Innovation
Amazon's Culture of Innovation
 
When in doubt, go live
When in doubt, go liveWhen in doubt, go live
When in doubt, go live
 
Don't cross the Rubicon
Don't cross the RubiconDon't cross the Rubicon
Don't cross the Rubicon
 
Error handling
Error handlingError handling
Error handling
 
Your test coverage is a lie!
Your test coverage is a lie!Your test coverage is a lie!
Your test coverage is a lie!
 
Docker container security
Docker container securityDocker container security
Docker container security
 
Redefining the unit
Redefining the unitRedefining the unit
Redefining the unit
 
Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22
 
A Tribute to Turing
A Tribute to TuringA Tribute to Turing
A Tribute to Turing
 
Rsa maths worked out
Rsa maths worked outRsa maths worked out
Rsa maths worked out
 

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 

Developers Focus on Security-Minded Tooling - Quintis Venter

  • 1. DEVELOPERS FOCUS ON SECURITY-MINDED TOOLING Q u i n t i s Ve n t e r | @ c u e v e e
  • 2. DATA  LEAKS  AND  BREACHES:   A  YEAR  TO  REMEMBER  
  • 5. SECURITY-­‐MINDED?   YOU  MUST  HAVE  ME  CONFUSED  WITH  THE  SYS  ADMIN  
  • 8. SERVER  HARDENING   8   •  Use Data Encryption for your Communications •  Avoid using insecure protocols that send your information or passwords in plain text. •  Minimize unnecessary software on your servers. •  Disable Unwanted SUID and SGID Binaries •  Keep your operating system up to date, especially security patches. •  Using security extensions is a plus. •  When using Linux, SELinux should be considered. Linux server hardening is a primary focus for the web hosting industry, however in web hosting SELinux is probably not a good option as it often causes issues when the server is used for web hosting purposes. •  User Accounts should have very strong passwords •  Change passwords on a regular basis and do not reuse them •  Lock accounts after too many login failures. Often these login failures are illegitimate attempts to gain access to your system.
  • 9. SERVER  HARDENING   9   •  Do not permit empty passwords. •  SSH Hardening •  Change the port from default to a non standard one •  Disable direct root logins. Switch to root from a lower level account only when necessary. •  Unnecessary services should be disabled. Disable all instances of IRC - BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink. •  Securing /tmp /var/tmp /dev/shm •  Hide BIND DNS Sever Version and Apache version •  Hardening sysctl.conf •  Server hardenining by installing Root Kit Hunter and ChrootKit hunter. •  Minimize open network ports to be only what is needed for your specific circumstances. •  Configure the system firewall (Iptables) or get a software installed like CSF or APF. Proper setup of a firewall itself can prevent many attacks.
  • 10. SERVER  HARDENING   10   •  Consider also using a hardware firewall •  Separate partitions in ways that make your system more secure. •  Disable unwanted binaries •  Maintain server logs; mirror logs to a separate log server •  Install Logwatch and review logwatch emails daily. Investigate any suspicious activity on your server. •  Use brute force and intrusion detection systems •  Install Linux Socket Monitor - Detects/alerts when new sockets are created on your system, often revealing hacker activity •  Install Mod_security as Webserver Hardening •  Hardening the Php installation •  Limit user accounts to accessing only what they need. Increased access should only be on an as-needed basis. •  Maintain proper backups •  Don't forget about physical server security
  • 12. LINUX  SECURITY  MODULES   12   SELinux AppArmor Smackgrsecurity
  • 13. BLACKBOX   13   Encrypting files at rest in your repo For git, hg, svn
  • 15. TOTP:  TIME-­‐BASED  OTP   15   Cornerstone of OAUTH Two-factor authentication
  • 16. OPENID  CONNECT   16   Simple identity layer on top of OAUTH 2.0
  • 17. PARTING  THOUGHT   17   Security is a process, not a product
  • 18. MORE  INFO  &  QUESTIONS   18   https://github.com/StackExchange/blackbox http://en.wikipedia.org/wiki/Time-based_One- time_Password_Algorithm http://openid.net/connect/
  • 19. THANK  YOU   For questions or suggestions: Quintis Venter | @cuevee