Security in Rails Apps
Uploaded by daniel-lopes
Transcript of Security in Rails Apps
Page 1
@danielvlopes
Daniel Lopes
Page 2
SECURITY & RAILS
Page 4
Page 5
coming back . . .
Page 6
Security
Page 7
Page 8
Page 9
Gartner Institute
The target is ...
App 75%
Host 25%
Page 10
WEB APP
Page 11
Page 12
Page 13
XSS
CSRF
Parameters
SQL INJECTION
Mass Assignment
Logs
Files
Session
Page 14
Guinea pig (the demo app)
Page 15
Page 16
Mass Assignment
Page 17
LIVE CODING
Page 18
SQL INJECTION
Page 19
LIVE CODING
Page 20
XSS (Cross Site Scripting)
Page 21
LIVE CODING
Page 22
CSRF (Cross-Site Request Forgery)
Page 23
LIVE CODING
Page 24
Files (download / upload)
Page 25
```ruby
class Asset < ActiveRecord::Base
  validates_presence_of :title

  has_attached_file :document,
                    :styles => { :medium => "300x300#", :thumb => "50x50#" }

  validates_attachment_size :document, :less_than => 5.megabyte
  validates_attachment_presence :document

  default_scope :order => "created_at DESC"
end
```
Page 26
```ruby
class Asset < ActiveRecord::Base
  validates_presence_of :title

  # Store uploads under RAILS_ROOT/uploads instead of public/, so they are
  # never served as static files; :whiny => false keeps a failed thumbnail
  # post-processing step from raising.
  has_attached_file :document,
                    :path => ":rails_root/uploads/:attachment/:id/:style/:style.:extension",
                    :styles => { :medium => "300x300#", :thumb => "50x50#" },
                    :whiny => false

  validates_attachment_size :document, :less_than => 5.megabyte
  validates_attachment_presence :document
  # Allow-list of the only content types the application needs
  validates_attachment_content_type :document,
                                    :content_type => %w(image/jpeg image/pjpeg image/gif image/png)

  default_scope :order => "created_at DESC"
end
```
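The content type that `validates_attachment_content_type` checks is the one the client declares in the multipart request, so a file renamed to `.png` with a `Content-Type: image/png` header passes it. As an added example (not from the slides and not Paperclip's code), the check below also reads the first bytes of the upload and accepts it only when the signature agrees with the declared type; the allow-list is the one from the model, the samples are constructed:

```ruby
# Added example, not from the slides or from Paperclip: the Content-Type that
# validates_attachment_content_type sees is declared by the client, so also
# check the first bytes of the file against the signatures of the allowed types.
ALLOWED_TYPES = %w(image/jpeg image/pjpeg image/gif image/png).freeze # same allow-list as the model

# Leading bytes ("magic numbers") of each accepted format
SIGNATURES = {
  "image/jpeg" => ["\xFF\xD8\xFF".b],
  "image/png"  => ["\x89PNG\r\n\x1A\n".b],
  "image/gif"  => ["GIF87a".b, "GIF89a".b],
}.freeze

# Returns the MIME type whose signature the data starts with, or nil.
def detect_image_type(data)
  head = data.b[0, 8].to_s
  SIGNATURES.each do |type, magics|
    return type if magics.any? { |magic| head.start_with?(magic) }
  end
  nil
end

# image/pjpeg is the legacy Internet Explorer name for a JPEG; treat it as image/jpeg
def normalize_type(declared)
  declared == "image/pjpeg" ? "image/jpeg" : declared
end

# True only when the declared type is allowed AND the bytes really are that type.
def acceptable_upload?(declared_type, data)
  return false unless ALLOWED_TYPES.include?(declared_type)
  detect_image_type(data) == normalize_type(declared_type)
end

# Constructed samples: a real PNG header and a text file "renamed" to .png
PNG_HEADER = "\x89PNG\r\n\x1A\n\x00\x00\x00\x0DIHDR".b
FAKE_PNG   = "this is not an image".b

if __FILE__ == $0
  puts acceptable_upload?("image/png", PNG_HEADER) # true
  puts acceptable_upload?("image/png", FAKE_PNG)   # false
end
```

In a Rails model this would run in a `validate` callback against the tempfile of the uploaded attachment; the point is that the declared type and the bytes must both be acceptable, not either one.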
Page 27
```ruby
send_file('/var/www/uploads/' + params[:filename])
```
../../../etc/passwd
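The `send_file` line concatenates a client-controlled name onto the upload directory, so a name containing `..` segments resolves to a file outside it. As an added example (not from the slides), the guard below resolves the requested name against the upload directory and returns `nil` for anything that lands outside it; `UPLOAD_ROOT` is the directory shown on the slide, and the controller usage in the comment is assumed:

```ruby
# Added example, not from the slides: resolve the requested name against the
# upload directory and refuse anything that lands outside it before send_file.
UPLOAD_ROOT = "/var/www/uploads".freeze # the directory used on the slide

# Returns the absolute path to serve, or nil when the name is unsafe.
def safe_upload_path(filename, root = UPLOAD_ROOT)
  return nil if filename.nil? || filename.empty?
  return nil if filename.include?("\0")   # File.expand_path raises on null bytes; reject instead
  return nil if filename.start_with?("~") # expand_path would treat this as a home directory
  base = File.expand_path(root)
  full = File.expand_path(filename, base) # collapses "..", "." and absolute overrides
  # Safe only if the resolved path is strictly below the upload directory
  return nil unless full.start_with?(base + File::SEPARATOR)
  full
end

# Controller usage (Rails, assumed):
#   path = safe_upload_path(params[:filename])
#   head :not_found and return if path.nil?
#   send_file(path)

if __FILE__ == $0
  p safe_upload_path("report.pdf")           # "/var/www/uploads/report.pdf"
  p safe_upload_path("../../../etc/passwd")  # nil
end
```

Checking the resolved path, rather than stripping `../` from the string, also covers absolute names and names that only become a traversal after normalization. When subdirectories are not needed, `File.basename(params[:filename])` is a simpler alternative that keeps only the final component.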
Page 28
BRUTE FORCE
Page 29
Devise
```ruby
Devise.setup do |config|
  config.mailer_sender = "[email protected]"

  require 'devise/orm/active_record'

  config.encryptor = :bcrypt
  config.pepper = "e3b0100c8c0ef8a7f09f104de3d2827f..."

  config.timeout_in = 10.minutes

  config.lock_strategy = :failed_attempts
  config.maximum_attempts = 20
  config.unlock_strategy = :both # email and time
  config.unlock_in = 1.hour
end
```
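The four lock settings describe a counter that locks the account after `maximum_attempts` failures and releases it either after `unlock_in` or through an unlock e-mail. As an added example (not from the slides and not Devise's code), the same semantics reduced to a plain Ruby class, with an injectable clock so the timed unlock can be exercised offline; the 20 attempts and one hour are the slide's values:

```ruby
# Added example, not from the slides or from Devise: a failed-attempts lock
# with timed unlock, mirroring maximum_attempts / unlock_in / unlock_strategy.
class LoginLock
  attr_reader :failed_attempts, :locked_at

  # clock is a callable returning a number of seconds (Time.now by default);
  # it is injectable so the timed unlock can be tested without waiting.
  def initialize(maximum_attempts: 20, unlock_in: 3600, clock: -> { Time.now })
    @maximum_attempts = maximum_attempts
    @unlock_in = unlock_in   # seconds; 1.hour on the slide
    @clock = clock
    @failed_attempts = 0
    @locked_at = nil
  end

  # Locked until unlock_in seconds have passed (the :time half of :both)
  def locked?
    return false if @locked_at.nil?
    if @clock.call - @locked_at >= @unlock_in
      unlock!
      return false
    end
    true
  end

  # Record one failed login; returns true when the account is (now) locked.
  def register_failure!
    return true if locked?
    @failed_attempts += 1
    if @failed_attempts >= @maximum_attempts
      @locked_at = @clock.call
      return true
    end
    false
  end

  # A correct password is refused while locked; otherwise the counter resets.
  def register_success!
    return false if locked?
    @failed_attempts = 0
    true
  end

  # The :email half of :both: the owner follows a token sent to their address
  def unlock!
    @failed_attempts = 0
    @locked_at = nil
  end
end
```

Note that `register_success!` returns `false` while the lock is active: a correct password submitted during the lock window must not bypass it, otherwise the lock only slows an attacker who already has the password.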
Page 30
Spams
Log Filtering
Parameters
Page 31
Spam
gem 'reverse_captcha'
```ruby
class Comment < ActiveRecord::Base
  captcha :nickname
end
```
```erb
<%= form_for @comment do |f| %>
  ...
  <%= f.captcha %>
<% end %>
```
gem 'recaptcha'
gem 'captcha'
Page 32
Log Filter
```ruby
require File.expand_path('../boot', __FILE__)
require 'rails/all'

Bundler.require(:default, Rails.env) if defined?(Bundler)

module Producer
  class Application < Rails::Application
    config.autoload_paths += %W(#{config.root}/app/sweepers)
    config.i18n.default_locale = "pt-BR"
    config.encoding = "utf-8"

    config.filter_parameters += [:password, :credit_card, :cnpj, :cpf]
    ...
  end
end
```
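`config.filter_parameters` replaces the value of any matching request parameter with `[FILTERED]` before the request is written to the log, at any nesting depth, matching the filter name as a substring of the key (so `:password` also covers `password_confirmation`). As an added example (not from the slides and not Rails' own `ParameterFilter`), a plain-Ruby filter with the same rule, run over a constructed parameter hash; the key list is the one from the slide:

```ruby
# Added example, not from the slides: a plain-Ruby filter that does what
# config.filter_parameters does for the request log, so the rule is visible.
# Like Rails, a filter name matches any key that contains it (case-insensitive),
# so :password also covers password_confirmation. Values are replaced at any
# nesting depth; the original hash is left untouched.
FILTERED_KEYS = [:password, :credit_card, :cnpj, :cpf].freeze # same list as the slide
MASK = "[FILTERED]".freeze

def filtered_key?(key, patterns = FILTERED_KEYS)
  name = key.to_s.downcase
  patterns.any? { |pattern| name.include?(pattern.to_s.downcase) }
end

def filter_parameters(value, patterns = FILTERED_KEYS)
  case value
  when Hash
    value.each_with_object({}) do |(key, inner), out|
      out[key] = filtered_key?(key, patterns) ? MASK : filter_parameters(inner, patterns)
    end
  when Array
    value.map { |inner| filter_parameters(inner, patterns) }
  else
    value
  end
end

# Constructed request parameters, as a sign-up plus checkout form might post them
SAMPLE_PARAMS = {
  "user" => {
    "email" => "ana@example.com",
    "password" => "hunter2",
    "password_confirmation" => "hunter2",
    "cpf" => "123.456.789-00",
  },
  "order" => {
    "items" => [{ "sku" => "A-1", "credit_card" => "4111111111111111" }],
    "notes" => "deliver after 6pm",
  },
}.freeze

if __FILE__ == $0
  require "pp"
  pp filter_parameters(SAMPLE_PARAMS)
end
```

The list on the slide is a sensible minimum for a Brazilian application (CPF and CNPJ are national identifiers); anything else that must never reach a log file, such as tokens or card verification codes, belongs on the same list.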
Page 33
Parameters
```ruby
@project = Project.find(params[:id])
```
```ruby
@project = current_user.projects.find(params[:id])
```
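The difference between the two lines is the scope of the lookup: `Project.find` returns whatever id the client sends, while `current_user.projects.find` only searches the rows the logged-in user owns, so another user's id raises `RecordNotFound` instead of returning the record. As an added example (not from the slides and not ActiveRecord), a tiny in-memory stand-in that makes the two behaviours observable; the classes, users and projects are constructed:

```ruby
# Added example, not from the slides: an in-memory stand-in for the two lookups.
# Project.find(id) returns any existing id; current_user.projects.find(id)
# restricts the search to the user's own rows and raises for anything else.
# Class names, users and projects are constructed for the example.
class RecordNotFound < StandardError; end

Project = Struct.new(:id, :owner_id, :name)

class ProjectTable
  def initialize(rows)
    @rows = rows
  end

  # Unscoped: any existing id is returned, whoever owns it
  def find(id)
    @rows.find { |p| p.id == id.to_i } or raise RecordNotFound, "Project #{id}"
  end

  # Scoped: a table that only contains one owner's rows
  def where_owner(owner_id)
    ProjectTable.new(@rows.select { |p| p.owner_id == owner_id })
  end
end

class User
  attr_reader :id

  def initialize(id, table)
    @id = id
    @table = table
  end

  # Stand-in for the has_many association behind current_user.projects
  def projects
    @table.where_owner(@id)
  end
end

PROJECTS = ProjectTable.new([
  Project.new(1, 10, "Alice's project"),
  Project.new(2, 20, "Bob's project"),
])
ALICE = User.new(10, PROJECTS)

# The vulnerable controller line: @project = Project.find(params[:id])
def unscoped_lookup(id)
  PROJECTS.find(id)
end

# The fixed line: @project = current_user.projects.find(params[:id])
def scoped_lookup(current_user, id)
  current_user.projects.find(id)
end

if __FILE__ == $0
  puts unscoped_lookup("2").name        # Bob's project, served to anyone
  puts scoped_lookup(ALICE, "1").name   # Alice's project
  begin
    scoped_lookup(ALICE, "2")
  rescue RecordNotFound => e
    puts "refused: #{e.message}"
  end
end
```

In Rails the scoped form still raises `ActiveRecord::RecordNotFound`, which the framework renders as a 404, so the fix needs no extra authorization code in the controller beyond starting every lookup from the association.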
Page 34
☐ Mass Assign.
☐ Parameters
☐ SQL Inject.
☐ XSS
☐ CSRF
☐ File System
☐ Brute Force
☐ Spams
☐ Log
☐ Session
Page 35
☑ Mass Assign.
☑ Parameters
☑ SQL Inject.
☑ XSS
☑ CSRF
☑ File System
☑ Brute Force
☑ Spams
☑ Log
Page 36
Page 37
• SSL
• Cryptography
• Automated Protection
• Pen. Testing
• Stay Up to Date
Page 38
Contacts
@danielvlopes
www.objetiva.co
Courses
www.egenial.pro/cursos