In 1970, a small group of activists broke into a draft board office in Delaware to steal records. These records were stored in a secure room, and none of them were able to pick the lock. Instead, hours before the planned robbery, one of them pasted a note on the door reading “Please don’t lock this door tonight.” When they arrived after hours, the door was open.
The moral of the story is that security is not about picking the right lock. It’s about how the different pieces all come together to make a complete system.
Securing any software system usually isn’t about picking a better cipher algorithm (i.e., a better lock). It’s about the way that cipher works with a sophisticated suite of related security tools to provide trust and privacy. Even the simplest website now uses public key cryptography, signatures, password hashes, key exchange, and stream ciphers – at a minimum. We often take this diverse suite of tools for granted.
This session will build an understanding of how this ecosystem provides security for our applications. We’ll start with a quick review of what the tools in the toolbox are:
And then we’ll focus on how these tools come together with our applications in order to achieve user-visible functionality like:
We’ll learn about real implementations by digging under the hood of HTTP requests to popular websites.
These tools and technologies are not new, or shiny, or hip. But they are complicated, critical, and ubiquitous. Understanding the tools in the toolbox will make you better equipped to create, debug, and deploy your applications.
I am a software developer at Atomic Object. For more than a decade I’ve written, tweaked, bent, and broken code into the shape of software of all sorts for many industries.
I obsess over details, lines, and patterns. I travel regularly and seek out adventures ranging from theatre and culture to altitude sickness. I enjoy peeking under the hood of everything, be it math, or software, or coffee, or cake.
In the past, I’ve spoken at RailsConf, Windy City Rails, SyntaxCon, BeerCityCode, GLSEC, and several local meet-ups.
©2018, O'Reilly Media, Inc.