Laura Bell, Founder and Lead Consultant - SafeStack, @lady_nerd, http://safestack.io
Practical Microservice security
In this talk
Security Fundamentals: Some important points that are worth refreshing
Prevention: Avoid common vulnerabilities and avoid mistakes
Detection: Prepare for survival and response
For storing passwords in a database, MD5 is acceptable, supposed you salt it properly. For this usage, the known attack is entirely unimportant. If you are in paranoia mode, you can use a more complicated scheme like bcrypt too, but for most people, storing a salted password is just good enough. It prevents the easiest, most obvious attack, is easy to implement, hard to do wrong, and has low overhead.
<quote>protect your APIs from OWASP Top 10 threats such as SQL Injection, XSS and application DDoS, and adaptive threats such as bad bots.</quote>
Features that scare me
1) impersonation
2) investigation mode
3) demo accounts on production
4) SSL interception and analysis
5) many passwordsins
TL;DR
Security Fundamentals: Some important points that are worth refreshing
Prevention: Avoid common vulnerabilities and avoid mistakes
Detection: Prepare for survival and response
Questions?