Code Review and Security Audit in Private Cloud @karfianto UKP4

Code review and security audit in private cloud - Arief Karfianto


Page 1

Code Review and Security

Audit in Private Cloud

@karfianto

UKP4

Page 2

About Me

• UPN alumnus

• civil servant

• sysadmin

• system analyst

• app tester

Page 3

Things I Like

• foss

• website optimization

• system security

• wireframing

Page 4

Managed Projects

data.id

Page 5

Problems in App Development

• design

• functionality test

• security test

• maintenance

Page 6

Problem: Maintenance

From: sysadmin

Hi Developers,

There’s a bug in your app

From: postmaster

Error

User not found [email protected]

Page 7

Security Test

• Blackbox

• Greybox

• Whitebox (Code Review)

Page 8

Problem: Access to Source Code

From: Developers

Hi sysadmin,

We found some bugs in the

app, we will patch soon

From: Sysadmin

Hi developer,

Username: root

Password: 123456

Page 9

Problem: No Changes History

From: Developers

Hi sysadmin,

We found some bugs in the

app, we will patch soon

From: Sysadmin

Hi developer,

Please send me the

changed php files..

Page 10

500 Internal Server Error

From: Sysadmin

Hi developer,

There’s another error after

patching. Please roll them

back ..!!

Page 11

Let’s Make Our Job Easier

• Create source code repository

• Use versioning

• Control user access to the code

• No access to production servers

Page 12

Free Source Code Hosting

Page 13

Make It Private

• security

• availability

• policy compliance (e.g. ISO 27001)

Page 14

...and Flexible

Using Cloud Infrastructure

• Flexible Resource

• Cloning

• High Availability

• Snapshot and Restore

Page 15

Model

Page 16

How These Things Work

• VPN Tunneling

Page 17

Related Tools

• Git : a version control system

• Gitweb : the git web interface

• Gitosis : repository access control

• VPN & SSH : tunneled access

Page 18

Creating a Repository

root@revision-control ~# ./addrepo.sh
Please enter repository name and description
Name :sample-app2
Description :Sample application 2.0
Creating a repository...
Initialized empty Git repository in /srv/repos/git/sample-app2/.git/
# On branch master
#
# Initial commit
#
nothing to commit (create/copy files and use "git add" to track)
Cloning into bare repository repositories/sample-app2.git...
done.
warning: You appear to have cloned an empty repository.
[Done]
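The transcript above shows only the output of addrepo.sh. What follows is an added reconstruction, not the author's script, that performs the same steps the output implies (git init of a working copy, a bare clone for gitosis and gitweb, a description file for the gitweb listing) and adds two checks the output does not show: it rejects repository names that could leave the base directory or be parsed as a git option, and it refuses to overwrite a repository that already exists. REPO_BASE and BARE_BASE are assumed locations taken from the transcript (/srv/repos/git and a relative repositories/ path).

```shell
#!/bin/sh
# addrepo.sh, reconstructed (assumed, not the author's script) from the
# transcript output above. Creates a working repository and a bare clone for
# gitosis/gitweb. Locations are assumptions taken from the transcript:
#   REPO_BASE  working copies      (/srv/repos/git in the slides)
#   BARE_BASE  bare repositories   ("repositories/" in the slides)
set -eu

REPO_BASE="${REPO_BASE:-/srv/repos/git}"
BARE_BASE="${BARE_BASE:-${HOME:-/srv/git}/repositories}"

# addrepo NAME DESCRIPTION
# Returns 0 on success, 1 on a bad name or an existing repository.
addrepo() {
    name=$1
    desc=$2
    # A name with a slash or ".." could land the repository outside BARE_BASE;
    # a leading "-" could be parsed as a git option. Reject both, plus anything
    # outside a conservative character set.
    case "$name" in
        ''|*/*|*..*|-*|*.git|*[!A-Za-z0-9._-]*)
            echo "addrepo: invalid repository name '$name'" >&2
            return 1 ;;
    esac
    if [ -e "$BARE_BASE/$name.git" ] || [ -e "$REPO_BASE/$name" ]; then
        echo "addrepo: $name already exists, refusing to overwrite" >&2
        return 1
    fi
    mkdir -p "$REPO_BASE" "$BARE_BASE"
    echo "Creating a repository..."
    git init -q "$REPO_BASE/$name"
    # The bare clone is what gitosis serves over SSH and what gitweb lists.
    git clone -q --bare "$REPO_BASE/$name" "$BARE_BASE/$name.git"
    # gitweb shows the contents of "description" in its project list.
    printf '%s\n' "$desc" > "$BARE_BASE/$name.git/description"
    echo "[Done] $BARE_BASE/$name.git"
}

# Interactive prompt as in the slide, only when invoked as ./addrepo.sh
case "${0##*/}" in
    addrepo.sh)
        echo "Please enter repository name and description"
        printf 'Name :'; read -r name
        printf 'Description :'; read -r desc
        addrepo "$name" "$desc"
        ;;
esac
```

Run as root on the revision-control host, as the slide does, or better as the unprivileged `git` user gitosis runs under, so the bare repositories are owned by the account that serves them.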

Page 19

Gitosis Config

Copy the public key to server

Then edit gitosis.conf..

[group sample-app2]
writable = sample-app2
members = intruder@LENOVOY460
[email protected]
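gitosis takes a member's name from the key file in keydir/ (intruder@LENOVOY460 above is the user@host comment ssh-keygen puts on a key), so a member listed in gitosis.conf without a matching keydir/<member>.pub cannot authenticate at all, and every key that is in keydir/ is written into authorized_keys whether or not any group lists it. The check below is an added example, not part of the slides or of gitosis; it assumes a gitosis-admin checkout with gitosis.conf at the top level and keys in keydir/, and it handles indented continuation lines, which is how a long member list wraps in that file.

```shell
#!/bin/sh
# Added example (not the author's, not part of gitosis): check a gitosis-admin
# checkout before committing. Assumed layout is the one gitosis uses:
#   gitosis.conf   at the checkout root
#   keydir/        one public key per member, named <member>.pub, where
#                  <member> is exactly the name listed under "members ="
set -eu

# gitosis_check DIR
# Prints one line per member or key. Returns 0 when every listed member has a
# key and every key is listed in some group, 1 otherwise, 2 if there is no config.
gitosis_check() {
    dir=$1
    conf="$dir/gitosis.conf"
    [ -f "$conf" ] || { echo "gitosis_check: no gitosis.conf in $dir" >&2; return 2; }
    status=0

    # One "<group>:<member>" record per listed member. Indented lines after
    # "members =" are ConfigParser continuation lines and belong to the list.
    records=$(awk '
        function emit(s,   n, m, i) {
            n = split(s, m, /[ \t]+/)
            for (i = 1; i <= n; i++) if (m[i] != "") print group ":" m[i]
        }
        /^[ \t]*[#;]/   { next }
        /^\[group /     { sub(/^\[group[ \t]*/, ""); sub(/[ \t]*].*/, ""); group = $0; inm = 0; next }
        /^\[/           { group = ""; inm = 0; next }
        group != "" && /^members[ \t]*=/ { sub(/^members[ \t]*=/, ""); inm = 1; emit($0); next }
        inm && /^[ \t]+[^ \t]/           { emit($0); next }
                        { inm = 0 }
    ' "$conf")

    # 1. Every listed member needs keydir/<member>.pub, or sshd rejects them.
    listed=" "
    for rec in $records; do
        group=${rec%%:*}
        member=${rec#*:}
        listed="$listed$member "
        if [ -f "$dir/keydir/$member.pub" ]; then
            echo "ok       $member (group $group)"
        else
            echo "MISSING  keydir/$member.pub (group $group): member cannot log in"
            status=1
        fi
    done

    # 2. gitosis writes every keydir/*.pub into authorized_keys whether or not a
    #    group lists it, so an unlisted key is a credential nobody accounted for.
    for key in "$dir"/keydir/*.pub; do
        [ -e "$key" ] || continue          # glob matched nothing
        name=${key##*/}
        name=${name%.pub}
        case "$listed" in
            *" $name "*) ;;
            *) echo "UNUSED   keydir/$name.pub is in no group: remove it or assign it"
               status=1 ;;
        esac
    done
    return $status
}
```

Run it from the gitosis-admin checkout before `git commit` and `git push`; gitosis applies the new config and keys on push. A member then clones over SSH through the VPN with `git clone git@<revision-control host>:sample-app2.git` (hostname assumed), which is the only path to the source that the model in these slides leaves open.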

Page 20

Clone and Review

Page 21

Thank You