Don't be a trojan - Codemotion Amsterdam 2019
0 likes368 views
This document discusses the importance of security in software development. It warns that software systems can become compromised over time if security is not prioritized from the beginning. It recommends designing systems with security in mind from the start, implementing secure development practices like automated security testing, code reviews that consider privacy and data exposure, and centralizing logs to detect issues. Maintaining security requires ongoing efforts like monitoring systems in production for vulnerabilities.
Don't be a trojan - Codemotion Amsterdam 2019
- 1. DONT BE A TROJAN BRIAN VERMEER (@BRIANVERM)
- 2. @BrianVerm DATA IS THE NEW GOLD
- 3. @BrianVerm
- 4. @BrianVerm
- 6. @BrianVerm BUT I GOT NOTHING TO HIDE DONT BE A TROJAN
- 10. @BrianVerm BUT NOW WE HAVE GDPRRIGHT?!
- 11. @BrianVerm HTTPS://FUSION.TV/STORY/281543/REAL-FUTURE-EPISODE-8-HACK- ATTACK/?CURATOR=TECHREDEF KEVIN ROOSE - 24 FEB 2016
- 12. @BrianVerm HTTPS://FUSION.TV/STORY/281543/REAL-FUTURE-EPISODE-8-HACK- ATTACK/?CURATOR=TECHREDEF KEVIN ROOSE - 24 FEB 2016
- 13. @BrianVerm
- 14. @BrianVerm
- 15. @BrianVerm
- 21. @BrianVerm DONT BE A TROJAN DATA STORAGE WHAT DATA DO WE STORE? WHAT DATA DO WE NEED? HOW LONG DO WE NEED TO KEEP THIS DATA? HOW DOES THIS DATA TRACE BACK TO AN INDIVIDUAL? WHO HAS ACCESS TO THIS DATA
- 23. @BrianVerm DONT BE A TROJAN STAGE 1 - BUILD A NICE CLEAN SYSTEM
- 24. @BrianVerm DONT BE A TROJAN STAGE 2 - A LITTLE ADDITION
- 25. @BrianVerm DONT BE A TROJAN STAGE 3 - A COMPLETE NEW FEATURE ON TOP
- 26. @BrianVerm DONT BE A TROJAN STAGE 4 - EXPANDING WITH A NEW SCOPE
- 27. @BrianVerm DONT BE A TROJAN STAGE 5 - AND NOW WE WANT TO RULE THE WORLD
- 28. @BrianVerm EXAMPLE PROFILE SERVICE CREATE PROFILE UPDATE PREFERENCES GET PROFILE BY UUID PROFILE - UUID - LIST OF PREFERENCES
- 29. @BrianVerm EXAMPLE PROFILE SERVICE CREATE PROFILE UPDATE PREFERENCES GET PROFILE BY UUID PROFILE - UUID - EMAIL - LIST OF PREFERENCES MYHOME SERVICE CLAIM A HOUSE UPDATE YOUR HOUSE FIND ALL HOUSES MyHOUSE - UUID - HOUSE ADDRESS - HOUSE PICTURES SECURED LOGIN
- 30. @BrianVerm EXAMPLE PROFILE SERVICE GET PROFILE BY UUID PROFILE - UUID - EMAIL - LIST OF PREFERENCES MYHOME SERVICE FIND ALL HOUSES MyHOUSE - UUID (EXPOSED) - HOUSE ADDRESS - HOUSE PICTURES
- 31. @BrianVerm WHAT DATA IS EXPOSED TO THE OUTSIDE WORLD
- 32. DATA LEAK?
- 33. @BrianVerm WHO WAS EXPOSED? HOW LONG WAS IT THERE? WHAT WAS THE IMPACT? WHAT KIND OF DATA IS LEAKED? AM I A VICTIM?
- 42. @BrianVerm 222 Lines of Code SPRING SERVERLESS EXAMPLE
- 43. @BrianVerm 222 Lines of Code SPRING SERVERLESS EXAMPLE
- 44. @BrianVerm 222 Lines of Code 5 Direct dependencies SPRING SERVERLESS EXAMPLE
- 45. @BrianVerm 222 Lines of Code 5 Direct dependencies 54 dependencies (incl. indirect) SPRING SERVERLESS EXAMPLE
- 46. @BrianVerm 222 Lines of Code 5 Direct dependencies 54 dependencies (incl. indirect) 460,046 Lines of Code SPRING SERVERLESS EXAMPLE
- 48. @BrianVerm
- 50. DONT BE A TROJAN CODE REVIEW @GetMapping(path="/all") public List<MyHouse> getAllHouses() { return MyHouseRepository.鍖ndAll(); } public class MyHouse { @Id private String id; private Date creationDate; private Date modi鍖cationDate; private String userId; private String street; private Integer number; private String zip; private String city; }
- 51. DONT BE A TROJAN CODE REVIEW @GetMapping(path="/all") public List<MyHouse> getAllHouses() { return MyHouseRepository.鍖ndAll(); } public class MyHouse { @Id private String id; private Date creationDate; private Date modi鍖cationDate; @JsonIgnore private String userId; private String street; private Integer number; private String zip; private String city; }
- 53. @BrianVerm CENTRALIZED LOGGING AND ALERT ON IT