"Have you been tasked to build the most powerful weapon in the universe? No? How about an enterprise website which both consumes external and provides its own APIs?
Whatever your task is, secure architecture is key. And while putting an exhaust port on the reactor core seems like a good idea, trust me when I say it'll blow up in your face later.
Web development is no different. What seems like a simple decision at the outset, or an overlooked detail may turn out to cause severe issues later on.
During this session we’ll take a look at how to architect for success and security when building a website which connects to external systems and while providing access to data. By building security in from the beginning you can help prevent a young Jedi shooting a proton torpedo through a hole the size of a womp rat and destroying your hard work.
We’ll cover:
• Overview of common API authentication and security methods
• Using capabilities instead of roles to define security
• How to store and access keys and tokens in your website
• Providing an API to access your website data
• Common mistakes developers make when creating APIs
A session for developers of all skills and abilities, this will be an interactive time filled with lessons learned and examples from the real world, including some recent examples of how a single exposed API can prove catastrophic. Just promise that afterwards you’ll use what you learn for the good of the galaxy and that you won't go build a planet sized weapon of mass destruction."
3. Who Is This Guy?
• Chris Teitzel
– Founder / CEO
• Lockr / Cellar Door Media
– Drupal for 8 years
– F100, e-commerce, Startups
– 3rd Generation Tech Nerd
@technerdteitzel
4. You have ambitions to build a product or service that will conquer the galaxy
9. … they are able to take down everything you built.
10. Don’t Build a Death Star
A Post-Mortem Look at the Empire’s Failings
11. Perimeter Defenses
“The battle station is heavily shielded and carries a firepower greater than half the star fleet. Its defenses are designed around a direct large-scale assault. A small one-man fighter should be able to penetrate the outer defense.”
13. Perimeter Defenses
• Create specific rules for your application
– ex. “Don’t allow any x-wings in meridian trench”
• Protects against generalized threats and even zero-days
14. Authentication
“There's a planet-wide defensive shield with a single main entry gate. This shuttle should be equipped with an access code that allows us through.”
15. Authentication
• Authentication before application
– Do initial authentication at the web server
– ex. Lockr uses x.509 certificates to not only secure the request but authenticate as well
Diagram: Apache with SAML, sitting in front of the Application Software
16. Authentication
• Keys and Tokens
– Don’t just let anyone through the front door
– Show it to a user once and only once
– If using user-generated passwords - hash or stretch!
• API Consumers - Protect your API keys!
– Treat as if it’s an encryption key (it just might be)
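The “show it once, hash or stretch it” rule for keys and tokens, as an added example that is not from the deck or from Lockr: the plaintext API key is handed to the caller exactly once at issue time, only a salted, stretched hash is persisted, and verification uses a constant-time comparison. The in-memory `KEY_STORE` and the scrypt cost parameters are constructed for the example, not a real project’s values.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory store standing in for a database table: key_id -> (salt, hash).
# Only the hash is persisted; the plaintext key leaves this module once and is never stored.
KEY_STORE: dict = {}

# Assumed scrypt cost parameters for the example; tune to your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _stretch(secret: bytes, salt: bytes) -> bytes:
    # Key stretching: a leaked table of hashes is expensive to brute-force.
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def issue_api_key():
    """Create a key, persist only its hash, and return the plaintext to show the user once."""
    key_id = secrets.token_hex(8)           # public identifier, safe to log and index on
    plaintext = secrets.token_urlsafe(32)   # the secret part; never contains '.'
    salt = secrets.token_bytes(16)
    KEY_STORE[key_id] = (salt, _stretch(plaintext.encode(), salt))
    return key_id, f"{key_id}.{plaintext}"


def verify_api_key(presented: str) -> bool:
    """Check a presented 'key_id.secret' value against the stored hash."""
    key_id, sep, secret = presented.partition(".")
    if not sep or key_id not in KEY_STORE:
        # Burn the same stretching cost so timing does not reveal whether key_id exists.
        _stretch(b"dummy", b"\x00" * 16)
        return False
    salt, expected = KEY_STORE[key_id]
    return hmac.compare_digest(_stretch(secret.encode(), salt), expected)


def revoke_api_key(key_id: str) -> None:
    """Revocation is a delete of the hash; the plaintext was never ours to keep."""
    KEY_STORE.pop(key_id, None)


if __name__ == "__main__":
    kid, key = issue_api_key()
    print("show this to the user once:", key)
    print("valid:", verify_api_key(key), "tampered:", verify_api_key(key + "x"))
```

The same shape works for user passwords: the stretch function and the store-only-the-hash rule are what make a database dump useless on its own.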
19. Ambient Authority
How it’s supposed to work:
Governor Tarkin: “Set a course for Alderaan.”
Helm/Weapons: “Setting course, Governor.”
How it can fail:
Imposter Tarkin: “Set a course for Coruscant.”
Helm/Weapons: “Setting course, Governor.”
20. Mandatory Access Control
How it’s supposed to work:
Governor Tarkin (policy label: May target Rebel): “Set a course for Alderaan.”
Helm/Weapons: “Setting course, Governor.”
Attempted hack:
Imposter Tarkin (policy label: May target Rebel): “Set a course for Coruscant.”
Helm/Weapons: “Setting course, Governor.”
21. Capability Based Security
How it’s supposed to work:
Governor Tarkin: “Set a course for ef28bc28 (signed token for Alderaan).”
Helm/Weapons (code validation): “Setting course, Governor.”
Attempted hack:
Imposter Tarkin: “Set a course for, um, 3a2eb45a (invalid token).”
Helm/Weapons (code validation): “Sorry, that code isn’t working in my helm system, Governor.”
22. Keep your secrets… Secret
“It is a period of civil war. Rebel spaceships, striking from a hidden base, have won their first victory against the evil Galactic Empire. During the battle, Rebel spies managed to steal secret plans to the Empire's ultimate weapon, the DEATH STAR, an armored space station with enough power to destroy an entire planet”
23. Secrets Storage
“It's a small thermal exhaust port, right below the main port. The shaft leads directly to the reactor system. A precise hit will start a chain reaction which should destroy the station.”
26. Separate Your Secrets
• Store outside your codebase / databases
• Inject as environment variables at creation of service with automation tools
• Use software such as Lockr, Vault, AWS KMS, Azure Key Vault etc.
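The “separate your secrets” bullets as application code, an added example that is not from the deck or from any of the products it names: the application reads a secret from the environment the automation tooling injected, or from a file a secrets agent or container runtime mounted, and refuses to start if neither is present rather than falling back to a default baked into the codebase. The wrapper also keeps the value out of `repr()`, logs and tracebacks. The secret names, the `secrets_dir` layout and `demo_mounted_secret` are constructed for the example.

```python
import os
import tempfile
from pathlib import Path
from typing import Mapping, Optional


class MissingSecret(RuntimeError):
    """Raised when a required secret is absent: fail closed instead of using a default."""


class Secret:
    """Holds a secret value but never shows it in repr()/str(), so it stays out of logs."""

    def __init__(self, value: str):
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "Secret(<redacted>)"

    __str__ = __repr__


def load_secret(name: str, env: Optional[Mapping[str, str]] = None,
                secrets_dir: Optional[Path] = None) -> Secret:
    """Look up NAME in the environment first, then in a file called NAME under secrets_dir
    (the shape a secrets agent or container runtime mounts). There is no third fallback."""
    env = os.environ if env is None else env
    value = env.get(name)
    if value:
        return Secret(value)
    if secrets_dir is not None:
        path = secrets_dir / name
        if path.is_file():
            return Secret(path.read_text().strip())
    raise MissingSecret(f"required secret {name} not provided via environment or {secrets_dir}")


def demo_mounted_secret() -> str:
    """Constructed demonstration of the file-mount path: writes a secret file to a temp dir,
    loads it with an empty environment, and returns the revealed value."""
    with tempfile.TemporaryDirectory() as tmp:
        secrets_dir = Path(tmp)
        (secrets_dir / "DB_PASSWORD").write_text("constructed-file-pw\n")
        return load_secret("DB_PASSWORD", env={}, secrets_dir=secrets_dir).reveal()


if __name__ == "__main__":
    print(load_secret("DB_PASSWORD", env={"DB_PASSWORD": "constructed-pw"}))  # redacted
    print(demo_mounted_secret())
```

Fetching from Lockr, Vault, KMS or Key Vault would replace the two lookups with an API call, but the two properties that matter stay the same: the value is never in the repository, and a missing secret is a startup error, not a silent default.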
27. Prevent a Breach from Spreading
“Uh, we had a slight weapons malfunction, but uh... everything's perfectly all right now. We're fine. We're all fine here now, thank you. How are you?”
28. Systems Isolation
Web-Facing Systems: Load Balancer, Application Server, Database Server, Cache Server
Intranet Systems: Active Directory, Exchange, File Shares, HR Records
30. Public Key Infrastructure
Diagram: User, HTTPS (Server Certificate), CDN, nginx, PHP-FPM + Drupal, MariaDB / MySQL, Solr, File System (NFS or similar); each internal HTTPS link is labelled with a Client Certificate and a Server Certificate. Admin access goes through the Firewall over an SSH Jump or VPN Tunnel, labelled with a Server Key and an SSH Key.
32. Act Like Everyone Is Out To Get You
• Security by design
• Build redundancy
• Defense-in-Depth
• Never trust your users
• Only handle data you absolutely have to
• Encrypt all the things!
33. When The Sh*t Hits the Fan
• Have a plan in place
• Breathe, Backup, Fix
• Build Again
– Post Mortem
– Document your mistakes
– Don’t blame… learn