
Making Django Really, Really, Ridiculously Secure (CW)


Speech transcript (automatically generated)
but the end and of the and the and the and the guy and if I have a have a have tradition like to take a speaker cell the and you feel indulge me in in a 2nd to read or Twitter it's OK yeah can we have a meeting I so yeah that that think this about it thank you was our there's underscore on the front of that saying rated to be less discoverable which and this is the purpose of putting on a side business so I am going to have an underscore front and you and I it and a developer and I'm not a security expert and my background is in back in development and installer for many years and all of that and the I joined such of innovations are a little before the beginning of the year to build Callisto alone consumers
as the ages fabulous intro explained um a confidential and secure the voting system for such on college campuses it is alive as of last week at 2 schools um Pomona and USS in California yeah then there's a lot of things the cluster does and there's some really amazing UX surrounded we've designed a you that's I meant to be supportive and server focused in and to and the steps and information design engineers design which is its own fields uh also to the surface resources at a campus for people who have had a victim of this kind of thing and this attended the expansion of the talk of A UX stuff of which has lots of benefits and is really exciting but did as what's important about clusters that it's an information escrow what that means is that survivors can come to the site and they can write down what happened to them and they can store it securely until they decide what they wanna do without information as kind of a new idea and the you come from Iowa the cost of asker in terms of money because he did formula house to give money to a trusted 3rd party information as creative information to a trusted 3rd party and then you can really when you're ready ends and Hey the challenge 1st analyze then is to keep that information really secure Wireless survivor decides what to do with so and talk to you about what we did to do that we used enjoying go to do that on a little bit about why we chose Jano rm can I want to do it in at the beginning there's no user-uploaded content on this site besides tax evasion of files were uploaded the and there be dragons had if you know that there's a whole host of security concerns that you need to be worried about are not to touch and just say no the 6 you
can forget it on internet so how the Madison hand was like professionally really about time in the and yeah probably where 1 of the few say that of the regression and just because I'm sending this idea data losses in the news right and there's a ton of the around understandably was a worst-case situation and and analysis is to have someone comes up and tells you that they cannot do that it's provably secure they're selling the snake oil and their almost all of the practice of security in a big way I'm revolves around being pessimistic you assume a breach and you work from there you wanna figure out what the breach might be and how you can mitigate it and that's not true should start from when your securing out are you should have a plan for the when a breach happens and you have a plan for knowing that bootstrapping which is really and then you Jacob couple months attitude to talk a lot about practices in sort of organizational tools you can build around that so going to start moving it's like you and me and I think it's an hour the so that's said great yeah I am like anniversary with some of the press about mouse and have great because yes and do it on the internet there's a lot of security concerns in general the whole concept of data but the Ashkenazim reach specifically what we had was a really deeply unethical company do you really deeply unethical things with other people's incredibly sensitive data rate also you can do things that are reasonably secure on the internet I assume many of us bank on the internet for example which is incredibly on sensitive information many of us use saying by internet connected and health information provided offerings and things like that but there are things we can do in some ways of like this node of that light spot you you view but information on the internet it'll be out there it's kind of a copy because if you look at the specifics about mouse that that happens Aboutrika mountains we in for use and even notice we were 
using default passwords from the internet I mean you know there are anonymous how did you have to do this with a grain of salt but there's a lot evidence of the this was a company that wasn't taking care their consumers data and the they've actually said there is no indication of any software vulnerability being exploited during this incident what that means is that people were able to get access through the same means that other people are getting access whether it was because it was and add disgruntled employee which is what something was that we just didn't lock down their staff is and you you still we don't know we may never know but it's important to like because that there are ethical things you can and should do when you have people data that they're trusting to so honestly not right because I built this assumed do we did you really sensitive data and putting it on the internet so when we talk only certain about
things we learn a lot of things we did to secure that data into a continuous a connected so what this shows us about gender is that you totally that a lot for free Genoa is is a pretty security-minded web framework they do care about security they being you fit and me and everybody comprising a do care about security and but 1 example the example that I found when I was sort of you know what I did a lot of due diligence was picking of parameter was using because this was a huge concern of ours and 1 of them was that passwords are what's called cryptographically agile what that means is so you don't stop passwords in plaintext you derive a key from the password and you right and gender uses the that the algorithm that is sort of recommended which is P B K D F 2 I'll of wood and and it's not even that uses a certain number of iterations of color work factor and the idea being that you can slow it down enough that like large-scale brute force is too expensive to actually crack something but you can still have that be within the bounds of being usable and that iteration number depends on the part of computer of the computer being used both to generate the password for real users into try to at up similar increase as computers get more powerful as we know they do and J. 
no actually not only use of a sparse set of best practice 1 but it's built into 2 of as as computers get faster and as they're all really gets improved but you can you can you can get increased iterations for free so it stores in all recalculate so if you log in with an older version of Jingle and you only use say you know X number of iterations the next time you log in if the developers updated Django recalculate in the background and get to x iteration that's illegal that's kind of like best that's like cutting edge stuff right I'm not however frameworks do that so laughter free that's Bolton just by using gender you also get a lot for cheap if you can do is you do some my basic things that that gender and they're the ecosystem make really easy to do so well as say secret secretly correctly right like that that is the basic 1 managerial to there's also into basic checks that you can do that take a little less than 5 minutes on Eric's pony check up is a good 1 gender secures Miller is it gives a management command that lets you run checks very similar to genders on each check any can integrate back into your continues innovation enabled system but I haven't brothers don't you know that the list of already done if you know what I'm gonna ah it's post on my website but I didn't put up there because you you listening to me not stressing out about looking things up but I'll start at the end of the talk and and they're sort of basic checks that we did there were really cheap and easy and goddess pretty far was um In telescopes agenda which is excellent the security chapters almost like a checklist you can go down a amid in each 1 and China another the person 1st was antidote to rave about gender debug tool by but you can look at everything that you're sending in getting back and storing really easily which about to when it is so easy use just amazing I'm an easy thing that we did was we slapped a CDN in front of our content which is the content delivery network and not 
the we use cover which book provides some DOS protection which means that you not sending and request the ratio so you get a little bit of like a rudimentary block in front of them but most of you get basically out of the box and some of you might have to like prime uninstalled opera like go to a website that those are all things that you could do in now hour when you say we get into the nitty gritty like the more more serious stuff of um preventing data loss and securing your site the 1st step is knowing your
threats and so you can save threat modeling is that's the term that's used in use only politically hacksaw when you talk about throughout my and with basic likes it's as many make you want to write him those an attacker looking for and how they get it and what will they use it for right and what this requires is you really need to know your data model and flow really well before you can assess this and so the of a chicken and egg you can have an idea about what I'm attackers might be looking for but until you feel like you really know where did is coming from and going to in your app you don't have good ideas that's the 1st step of threat modeling is actually system modeling which is instructive anyway when you're building a site so it's it's uh it's it's something that you should be thinking about early on in your processes are already doing so part of the stuff that you need to do to keep it secure for the past 4 Callisto we had 2 aspects that came out in a threat model a little unusual from say your standard I don't know e-commerce website rate notice that we anticipated this data would be really valuable for a specific personal attackers there might be reason to think that a specific person and repair work would be interesting to somebody who had the knowledge and ability to do this and we also had reason along those lines to think that an attacker may have access to or whatever uses computers or to their calcium and so that was a threat model we were dealing with that you may not be with the meaning that may be less important to you and as a result we really we you put some more focus on looking at things like brute force attacks for example someone new close to the password or elements of a password that someone was using you know again like if I know your dog's name I can probably get in your e-mail like that kind of thing and the also session-based attacks when the nature I we operating in a college context and we had so the user research we did indicated 
that there are a lot of shared computing resources they get used and so making sure that are sessions were really well locked down in that people were accidentally exposing stuff and that and threat for us er that vector for us that you probably won't be doing with the banning we're working on is that we have a memory it is made but frankly expect to be subpoenaed at some point for this data because of the user data that were storing could potentially be a factor in a court case now that's really interesting flat model to sort of add the other come as an engineer way to look at your system and to have this through model that that you can't really necessary to build a moat around right making the less tolerant 100 break doesn't matter if someone is knocking on your door from at the sheriff's office so that it was a big factor in our design and what we ended up doing with that is we actually store the reports the I must say it out right 0 knowledge but the concept is is that we encrypt them with a key that's known only to a user's a separate from the password it's a secret key that they create and put into the website and crept in we don't start that key anywhere we don't have any way to recover it because if you can reset the key we could then reset it to something we knew and get that information so this and this is sort of this came out of our model as an escrow rate we're just storing this information and the user ready to use it themselves so we had the we would we were able to build this encryption model that we think will be fit fairly safe from subpoena in that if you subpoenaed it if you said you know the data for this person with a give it to them but it would be unreadable it would just be a blob of of binary data so that was sort of what came out of all the threat modeling process so
this is in this in this room where you know someone that you know and what I mean by this is I don't mean like I don't necessarily mean microarray time was talking about briefly with disgruntle employs that's absolutely effect and as the mean of all crypt anyone effects so OK is this so that our line of pocket is this amazing story of this bitcoin exchange and then again like the word they would start data that directly impact was money basically because that's our works and they end ended up shutting down this is earlier this year the and when even at this rate it they had a technical contractor working on their side who was you know very technically adept at very train someone who had an interest in securing that this person was running a private e-mail server on their own machine and now is how they do all the work you know was on this private e-mail server that only this contractor and access to someone and it's not clear who by anyone someone sense of fraudulent password reset e-mail on the WordPress blog nothing yet with the bickering parts of the system said we set for the WordPress want to a marketing person on the the person had been well trained and then the policies in MIT person that I mean request I wanna make sure that this isn't about exploit and inferred it to the technical team Hank words so that private mail server had been of dead then I had taken over by someone malicious and then the e-mail with that of the person correctly forwarded to this terrible contractor With this password reset button e-mail came the person who had was an axis so that by the answer was able to reset the password get into the WordPress admin up PHP files that gain access to the rest of the machine which happen to contain the databases that had all of the Bicoid relevant information and they still 40 Bitcoin which I think at the time was like over 10 thousand dollars that is an amazing story of talk about like you know in which messages and code like that's like some 
Agatha Christie's I love it but and I that because that's that you don't things right and still managed to get really taken the shirts taken right and because you really have the right sort of um protocol for their employees so this really should be something that you're you're team escape taking the young and the password hygiene you've gotta be tracking all your data including e-mail you want to have a clean separation of concern from like your marketing and blogging user formant support stuff in your actual business logic you want don't have strong employer policies and if you do end up having that disgruntled employee situation that you have a weighted but detector and mitigated of gender-specific information on this and that and admin because that's a really that's actually like when we were talking and gender so that's the 1st place we go and to change the URL is a really common 1 that suggested and you can use j Argentinan honeypot puts up a fake page that lets you know if anyone's trying to get in through your fake admin nature default dominates I I I would suggest what we decided to do don't use admin so we have is we have a staging site that my co-workers to edit the content can log into and they can edit content there and then I export over to prod when they need to and we don't have a broad admin so that's 1 less factor of the attack yes again I limit and I have some links for her ways to do that so his
2nd biggest threat so is on the user side I would say right under its so-called comfort if you've locked everything down on your server encode side if you use a because of their real incomes to allowed to make security choices that expose the data that they're not gonna make that distinction and neither will your of your other customers likely it's it's a messaging thing and so long as security concerns can be mitigated with really good you acts not was another thing we focused on and password strength is of a 1 year a so we used um a product and I'm excited about which is dropboxes EXE which is a password strength meter that operates on a sort of more sophisticated concept of entropy and complexity this isn't really liked and password strengthened parts design is a really interesting in deep topic there's a lot of all of academic and industry work being done on it I would suggest that if you have a site that people log into you should read up about this like aide-memoire characters in 1 special special character whatever is it doesn't really cut it for example and so this is the pattern strength needed that for example you know what is the x 2 x k see example is correct toss battery staple which is very memorable and long it's gonna get a higher score on a passive reader then password 1 with an active instead of the 8 which is a really common passwords and I don't know about this is and it's it's also little experimental but uses is a and it uses only set of just being like low-medium good at this is a pretty arbitrary but it actually tells you an estimate of how long it would take to crack a given password it's an interesting reminder right there what's at stake when you're choosing a positive kind of a cool way we're continuing to explore and to work with folks on passes duty because we have this unusual password you X which is like a half so that you can't recover which like is the death knell for you exit the pattern that you don't normally see another thing 
you to look at is rate limiting particularly if you've identified brute force as a potential likely of attack vectors so would you buy a couple Jing after make up this I I will put on 1 side there's a couple gender implementations are like integrations of z at CVD and that's the last on your keyboard if you're a what's called that and there's a coverage and implementations we ended up sort of rolling just the UI was exactly what we wanted but there's a bunch of there and rate-limiting so gender axis is a really common use 1 uh it's on the and blow open up idea authentication Mollenauer 1 is that you can lock out users and you can do combinations of users and IP of people are trying to many times give of passive a given user we also needed to rate limit on encryption and decryption function like entering your secret key so we use something called jingle rate limit which lets you apply that to various different views its decorator I engines of road maps of the wanted to I would like to implement exponential backoff so you start even at the first one putting in a little imperceptible delay because the brute force you can expect sort of scripting to attack and then you may get longer and longer as ego eventually locking out another thing that you can do is desalter captures so this is usually a passage position argues what we've got a password that we don't let you recover so figuring out the balance between security new axes ago 1 another 1 session security expiring sessions after a given amount of activity making sure in general that your sessions actually expiring unit cube around forever and there's um and middleware Jarvis the commission called session security that we use to do that it's pretty nice out of the box and you can customize all kinds of ways and 1 that we have not implemented it yet on and may not ever but that you should probably look into is two-factor authentication that's using another piece of information that the user has access to um often 
it'll be a text message or an e-mail that we are so user testing it and people have a lot of positive there where we accept that the information into our website which is understandable we wanna sort of reduce friction in terms of registering so we're still figuring out whether that would work at all for us but it's definitely there's a ton of different things and is now third-party services that will do a bunch of that stuff for you which is really cool so basically you hundreds
of high this is a lesson from my mother no I'm kidding and and so I and a is sending data around when you do that for that model that's which look at right beside the sort of obvious ones like is Microblog got good and no information security and do my users have the tools they need to be secure has a history of sending data across service boundaries or even you know in and out of a DB serializing these realizing that so you look at the looking at level you can related those kind of uh that data being readable at all or even moving across that and we do store some data come as anonymous as possible and because we 1 evaluate the use of a system and also make sure that we can provide information to our schools about what sort of broad aggregate statistics about what's going on in the climbing campus we decided to store that in a way that was an accessible online so we have an encrypted with symmetric encryption and we don't put the key online over so we have to actually pull that it off and put it on a machine that we can lock down in various different ways you know and to read it because we don't need it in real time so think about whether you need to crosses boundaries and I that's a little odd and we here I would say is the boundary of your versus not your help and and that's kind of like you know getting into you definitely into user design considerations that stuff like you know that I really sensitive data like how far away can someone read off someone's screen late like yeah that's not your responsibility that's something you can help mitigate and them 1 of our big things is when someone actually size to report to deliver the report to a school we have to get into an admins hands right so that's a big data boundary for us then with a reasonably secure process involves is much encryption PGP hunt with that means is I'm teaching regular people who are university admins to use fugitive if he wants to have you know done ideas about university will use PGP you 
might be like qualified right now and like it's it is really difficult you x wise is and this is the solution we do make that easier but you know we talk to people and what they're doing is they're taking these reports and putting them into the student conduct tracking systems and if we can figure out this is our goal to integrate with those we don't have much more strict control over that boundary and it's 1 spot again just a few more slides the this is like
the ones in the Netherlands and like don't take you know the crypto and look for other libraries of Flanders of around for a long time you don't wanna be the 1st user you wanna be visited a pioneer and using pi salt which is a wrapper of a very well regarded C library and this is not the tell your story
people and especially when the security is going to trust your security and on that is the heart of that is so and patient's mind
this is a really good use of your budget to consult with someone and you did this and when the non-Abelian didn't mention any network security were hosting on a rope you know as a trade-off for us because of some of our subpoena is questions but we could not afford to hire someone to lock down on networks and our servers the way that vocal can I think this is a really like no no-brainer if you're starting with low resources and the In end I don't want specifics shops for like a pen secular view in like a given topic ask your friends if you are looking for this talk to me because I have a big spreadsheet of stuff we looked at 2 finally I wanna think a security by members who helped us with and the security stuff which involve canceled enormously Honeywell severe Hoskyns seen about and Salinas common cosmos that Donnelly and generalize I wanted think injury most of us do the incomparable leads to intentional and friends Abdallah Ben use Jacob copper moss and his team an and Rebecca and NCC group after funds we should talk about this more it's security is still you and I think that there is a high entry and the better we can do the lower that the better off everybody thank you
at the power and if the the the
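The transcript above describes one thing Django gives you for free: passwords are stored as PBKDF2 hashes with a work factor (iteration count), and when a user logs in with a hash made at an older, lower work factor, the framework re-hashes the password at the current work factor in the background. The following Python is an added example, not code from the talk and not Django's own `PBKDF2PasswordHasher`; it reproduces that check-and-upgrade flow with `hashlib` only. The stored-string layout imitates Django's `pbkdf2_sha256$iterations$salt$hash` form, while the function names, the example salt `constructedsalt` and the iteration counts are assumptions chosen for illustration (real deployments use far higher counts than the small values used here to keep the example fast).

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ALGORITHM = "pbkdf2_sha256"


def encode_password(password: str, iterations: int, salt: Optional[str] = None) -> str:
    """Return "pbkdf2_sha256$<iterations>$<salt>$<base64 digest>".

    The layout mirrors what Django stores in the password column, but this is a
    stand-alone illustration (hypothetical helper), not Django's hasher.
    """
    salt = salt or secrets.token_urlsafe(12)  # random per-password salt
    if "$" in salt:
        raise ValueError("salt must not contain the field separator")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"{ALGORITHM}${iterations}${salt}${base64.b64encode(digest).decode()}"


def verify_password(password: str, encoded: str) -> bool:
    """Re-derive the hash with the stored salt/iterations and compare in constant time."""
    parts = encoded.split("$", 3)
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False
    _, iterations, salt, _ = parts
    candidate = encode_password(password, int(iterations), salt)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def check_and_upgrade(password: str, encoded: str, target_iterations: int) -> Tuple[bool, Optional[str]]:
    """Verify a login attempt and, on success, opportunistically raise the work factor.

    Returns (ok, new_encoding). new_encoding is a fresh hash at target_iterations
    when the stored hash used fewer iterations (the caller persists it), else None.
    The plaintext is only available at login, which is why the upgrade happens here.
    """
    if not verify_password(password, encoded):
        return False, None
    stored_iterations = int(encoded.split("$", 3)[1])
    if stored_iterations < target_iterations:
        return True, encode_password(password, target_iterations)
    return True, None


if __name__ == "__main__":
    # Constructed demo: a hash made under an older, lower work factor.
    old = encode_password("correct horse battery staple", 1000, "constructedsalt")
    ok, upgraded = check_and_upgrade("correct horse battery staple", old, 2000)
    print(ok, upgraded)
```

A wrong password never triggers an upgrade, and a hash already at the target work factor is left alone, so the upgrade is idempotent across logins.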
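The talk also lists rate limiting of logins (django-axes locking out by user, IP, or the combination) and mentions exponential backoff as a wanted refinement: an almost imperceptible delay after the first failure, growing with each further failure until the key is locked out. The following Python is an added example of that policy, not code from the talk, from django-axes or from django-ratelimit; it keeps per-(username, client IP) failure state in memory, and the class name, the default delays and the injectable `clock` are assumptions made so the behaviour can be exercised without real waiting. A view would call `wait_seconds` before checking credentials and `record_failure` / `record_success` afterwards.

```python
import time
from collections import defaultdict
from typing import Callable, Dict, Tuple

Key = Tuple[str, str]  # (username, client IP)


class LoginThrottle:
    """Exponential-backoff login throttle keyed by (username, ip).

    Failure n (1-based) requires a wait of base_delay * 2**(n-1) seconds;
    from max_failures onward the key is locked for lockout seconds.
    Hypothetical illustration; a production version would keep this state
    in a shared store (cache or database), not in process memory.
    """

    def __init__(self, base_delay: float = 0.25, max_failures: int = 5,
                 lockout: float = 900.0, clock: Callable[[], float] = time.monotonic):
        self.base_delay = base_delay
        self.max_failures = max_failures
        self.lockout = lockout
        self.clock = clock
        self._failures: Dict[Key, int] = defaultdict(int)
        self._not_before: Dict[Key, float] = {}

    def required_delay(self, failures: int) -> float:
        """Seconds a key must wait after its `failures`-th consecutive failure."""
        if failures <= 0:
            return 0.0
        if failures >= self.max_failures:
            return self.lockout
        return self.base_delay * (2 ** (failures - 1))

    def wait_seconds(self, username: str, ip: str) -> float:
        """Remaining wait before this key may attempt a login (0.0 if none)."""
        until = self._not_before.get((username, ip), 0.0)
        return max(0.0, until - self.clock())

    def is_locked(self, username: str, ip: str) -> bool:
        return self._failures.get((username, ip), 0) >= self.max_failures

    def record_failure(self, username: str, ip: str) -> float:
        """Register a failed attempt; returns the delay now imposed on the key."""
        key = (username, ip)
        self._failures[key] += 1
        delay = self.required_delay(self._failures[key])
        self._not_before[key] = self.clock() + delay
        return delay

    def record_success(self, username: str, ip: str) -> None:
        """A successful login clears the backoff state for that key."""
        self._failures.pop((username, ip), None)
        self._not_before.pop((username, ip), None)


if __name__ == "__main__":
    # Constructed walk-through: five failures from one address for one account.
    throttle = LoginThrottle()
    for _ in range(5):
        print("delay imposed:", throttle.record_failure("alice", "10.0.0.1"))
    print("locked:", throttle.is_locked("alice", "10.0.0.1"))
```

Keying on the (username, IP) pair means a guessing attempt against one account from one address is slowed without locking the real user out from every other location; a deployment that also wants per-account or per-IP limits can keep additional throttles keyed on each alone.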

Metadata

Formal metadata

Title Making Django Really, Really, Ridiculously Secure (CW)
Series title DjangoCon US 2015
Part 37
Number of parts 46
Author Gilmore-Innis, Kelsey
Contributors Confreaks, LLC
License CC Attribution 3.0 Unported:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided you credit the author/rights holder in the manner they specify.
DOI 10.5446/32780
Publisher DjangoCon US
Publication year 2015
Language English

Content metadata

Subject area Computer science
Abstract Callisto is an online reporting system designed to provide a more empowering, transparent, and confidential reporting experience for college sexual assault survivors. It's absolutely essential that we keep our users' data secure. So essential, in fact, that we couldn't leave it up to developers alone. We'll go over what Django settings, libraries and practices we used to ensure that on the development end. Then we'll walk through the process of obtaining, undergoing, and acting on a formal security audit from a professional security firm. You'll find out what they were looking for, what we missed, how we fixed it, and how you might approach similar challenges for your companies and applications.
