Big brother is watching and how to secure your apps from them
The revelations of Edward Snowden have shown how low states are
stooping to get hold of your data. People who did not care how your
data is stored online in your SaaS applications are now asking
questions, and tough ones.
The talk will be about what to do to protect your data from the government and,
in doing so, make the application harder for other people to hack as well.
The structure of the talk is as follows:
How the current default Rails setup on the cloud is not enough.
Why is it important?
How to secure the shell of the application
Why just securing the shell of the application
Auditing things that might be leaking information that other people
MySQL databases / third-party calls / insecure gems / insecure filesystems
Infrastructure choices. Where to host, what to look for in hosting providers.
How to implement a system that provides a push-button "secure me" plan.
Caveats and Fine print.
What this is not
I am not talking about making the application hack-proof (there will be some authentication security stuff)
I am not talking about running a security audit of the application (there will be some of the how-to-audit bit)
I am not talking about cryptography and security fundamentals