"Defense in depth": trench warfare principles for building secure distributed applications
“Defense in depth” is a security engineering pattern that suggests building an independent set of security controls aimed at mitigating more risks even if the attacker crosses the outer perimeter. During the talk, Anastasiia modeled threats and risks for a modern distributed application and improved it by building multiple lines of defense. She gave an overview of high-level patterns and the exact tools for building defense in depth for your distributed web applications.
Teach your application eloquence. Logs, metrics, traces.
Most modern applications live in close cooperation with each other. Dmytro spoke about ways to effectively use modern techniques for monitoring the health of applications. Being an infrastructure engineer, Dmytro explained typical mistakes developers make when implementing monitoring, and suggested a couple of approaches and tools that can help.
Data encryption for Ruby web applications
Making secure applications is not easy, especially when encryption tools are difficult and incomprehensible. Dmytro talked about typical data security problems in web apps and about proper implementation of encryption. Dmytro reviewed the cryptographic approaches and the exact tools that ensure that no sensitive data leaks from the application or the database.