@braoru
Last active August 29, 2015 14:01

#Talk

  • The A of CIA aka playing with CAP theorem
    • CRDT
    • How and why computers fail
    • Failures in distributed systems
    • Consistency in distributed systems
    • Reliability techniques
    • ...

Nowadays when people think about #infosec they tend to forget this little A. In this era of cloud computing and massively distributed services and storage, this little A can be a huge pain in the ass.

When you decide to shard/split/distribute/whatevercloudyyouwant your data and services, you will face a whole new set of problems, like a split (the intentional or accidental loss of a node, a link, a software service and so on), asynchronous updates of data, concurrent updates of data and so on.

This talk wants to present what you can do today within your data and your code to shield your distributed services against this kind of issue.

In 2014 your distributed services should work in an active-active manner with no downtime. In 2014 your applications and data storage should be able to restore and heal themselves from failures. In 2014 you should be able to survive partial loss in your cloud.

Above all, you should do all of this with almost no human cost and without old and creepy master-slave kinds of synchronization.

I will try to use open-source and well-known examples of what people are doing about that.

  • SELinux 2014

    • Architecture of SELinux
    • 5 minutes to understand SELinux
    • How modern distributions use it
    • How to go with SELinux and not against SELinux
    • svirt, Docker, PaaS and current use of SELinux in cool and trendy projects
    • ..
  • A world with fewer indigestible cookies but more chunky and crispy tokens

    • Introduction to JWT
    • Applicative authorisations validation split
    • 10$ SSO
    • ....
  • SRP + JWT and SSO for modern websites

    • Gentle introduction to SRP
    • Introduction to JWT
    • Applicative authorisations validation split
    • About consistent context across application layers (Use user token inside DAO for impersonation ..)
    • ...
  • GDB reminders

    • Kind of cheatsheet slides about GDB and how to use it
  • Applicative logging, do it yourself!

  • Kibana + logstash + elasticsearch + redis + caching and so on

  • How to use logback and other logging APIs

  • Best practices for handling logging in your apps

#Training 1D

  • SELinux

  • Metasploit

  • Introduction to GDB (beginner oriented)

  • Applicative logging

  • Logstash, elasticsearch, redis, kibana

  • Design your applicative log

  • How to maintain and install all the stuff
