Code Review and Security Audit in Private Cloud - Arief Karfianto
Description: Code review and security audit in private cloud
Transcript
![Page 1: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/1.jpg)
Code Review and Security Audit in Private Cloud
@karfianto
UKP4
![Page 2: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/2.jpg)
About Me
• UPN alumnus
• civil servant
• sysadmin
• system analyst
• app tester
![Page 3: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/3.jpg)
Things I Like
• foss
• website optimization
• system security
• wireframing
![Page 4: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/4.jpg)
Managed Projects
data.id
![Page 5: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/5.jpg)
Problems in App Development
• design
• functionality test
• security test
• maintenance
![Page 6: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/6.jpg)
Problem: Maintenance
From: sysadmin
Hi Developers,
There’s a bug in your app
From: postmaster
Error
User not found [email protected]
![Page 7: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/7.jpg)
Security Test
• Blackbox
• Greybox
• Whitebox (Code Review)
![Page 8: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/8.jpg)
Problem: Access to Source Code
From: Developers
Hi sysadmin,
We found some bugs in the app, we will patch soon
From: Sysadmin
Hi developer,
Username: root
Password: 123456
![Page 9: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/9.jpg)
Problem: No Changes History
From: Developers
Hi sysadmin,
We found some bugs in the app, we will patch soon
From: Sysadmin
Hi developer,
Please send me the changed php files..
![Page 10: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/10.jpg)
500 Internal Server Error
From: Sysadmin
Hi developer,
There’s another error after patching. Please roll them back ..!!
![Page 11: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/11.jpg)
Let’s Make Our Job Easier
• Create source code repository
• Use versioning
• Control user access to the code
• No access to production servers
![Page 12: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/12.jpg)
Free Source Code Hosting
![Page 13: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/13.jpg)
Make It Private
• security
• availability
• policy compliance (e.g. iso27001)
![Page 14: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/14.jpg)
...and Flexible, Using Cloud Infrastructure
• Flexible Resource
• Cloning
• High Availability
• Snapshot and Restore
![Page 15: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/15.jpg)
Model
![Page 16: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/16.jpg)
How These Things Work
• VPN Tunneling
![Page 17: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/17.jpg)
Related Tools
• Git : a version control system
• Gitweb : the git web interface
• Gitosis : repository access control
• VPN & SSH : tunneled access
![Page 18: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/18.jpg)
Creating a Repository
root@revision-control ~# ./addrepo.sh
Please enter repository name and description
Name :sample-app2
Description :Sample application 2.0
Creating a repository...
Initialized empty Git repository in /srv/repos/git/sample-app2/.git/
# On branch master
#
# Initial commit
#
nothing to commit (create/copy files and use "git add" to track)
Cloning into bare repository repositories/sample-app2.git...
done.
warning: You appear to have cloned an empty repository.
[Done]
![Page 19: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/19.jpg)
Gitosis Config
Copy the public key to server
Then edit gitosis.conf..
[group sample-app2]
writable = sample-app2
members = intruder@LENOVOY460
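The two slides above (creating the repository with addrepo.sh, then granting access in gitosis.conf) are where the access-control decision is actually made: whoever is listed on a group's "members =" line, and has a matching public key in keydir, can push to that repository. The following Python script is an added example, not code from the talk or from the gitosis project. It assumes gitosis's standard admin layout (gitosis-admin/gitosis.conf plus gitosis-admin/keydir/<member>.pub, where <member> is the name used on the "members =" line); the sample config and key listing are constructed for the example. It audits an existing gitosis.conf for members without a key, unsafe repository names and write grants to empty groups, reports who can push to each repository, and appends a group stanza like the one on the slide only when the member's key is already in place.

```python
"""Audit a gitosis.conf and append a group stanza for a newly created repository.

Added example, not part of the talk. Assumes gitosis's admin layout:
gitosis-admin/gitosis.conf and gitosis-admin/keydir/<member>.pub, where
<member> matches a name on a group's "members =" line.
"""
import configparser
import re

# Repository names as gitosis expects them: relative paths made of plain
# components, so a group can never be granted access outside the
# repositories directory (no leading "/", no "." or ".." components).
SAFE_REPO = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(/[A-Za-z0-9][A-Za-z0-9._-]*)*$")


def _is_safe_repo(name: str) -> bool:
    return bool(SAFE_REPO.match(name))


def load_conf(text: str) -> configparser.ConfigParser:
    # interpolation=None: a '%' inside a value must not be treated as a template
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)  # a duplicated [group x] section raises DuplicateSectionError
    return cp


def _groups(cp: configparser.ConfigParser):
    """Yield (group name, members, writable repos, readonly repos) per [group ...] section."""
    for section in cp.sections():
        if section.startswith("group "):
            yield (
                section[len("group "):],
                cp.get(section, "members", fallback="").split(),
                cp.get(section, "writable", fallback="").split(),
                cp.get(section, "readonly", fallback="").split(),
            )


def audit(conf_text: str, key_names: set[str]) -> list[str]:
    """Return human-readable findings for a gitosis.conf.

    key_names is the set of file names present in keydir/ without the .pub suffix.
    """
    findings = []
    for group, members, writable, readonly in _groups(load_conf(conf_text)):
        for member in members:
            if member not in key_names:
                findings.append(f"group {group}: member {member} has no key in keydir")
        for repo in writable + readonly:
            if not _is_safe_repo(repo):
                findings.append(f"group {group}: unsafe repository name {repo!r}")
        if writable and not members:
            findings.append(f"group {group}: grants write access but has no members")
    return findings


def writers_of(conf_text: str) -> dict[str, set[str]]:
    """Map each repository to the members who can push to it: the review a
    sysadmin wants before handing out access to the code."""
    writers: dict[str, set[str]] = {}
    for _group, members, writable, _readonly in _groups(load_conf(conf_text)):
        for repo in writable:
            writers.setdefault(repo, set()).update(members)
    return writers


def add_group(conf_text: str, repo: str, members: list[str], key_names: set[str]) -> str:
    """Append a [group <repo>] stanza like the one on the slide, refusing unsafe
    names, duplicate groups and members whose public key is not yet in keydir."""
    if not _is_safe_repo(repo):
        raise ValueError(f"unsafe repository name: {repo!r}")
    missing = [m for m in members if m not in key_names]
    if missing:
        raise ValueError(f"copy these public keys to keydir first: {missing}")
    if f"group {repo}" in load_conf(conf_text).sections():
        raise ValueError(f"group {repo} already exists")
    stanza = f"\n[group {repo}]\nwritable = {repo}\nmembers = {' '.join(members)}\n"
    return conf_text.rstrip("\n") + "\n" + stanza


# Constructed sample config and keydir listing (not taken from the talk).
SAMPLE_CONF = """\
[gitosis]
gitweb = no

[group gitosis-admin]
writable = gitosis-admin
members = admin@revision-control

[group sample-app]
writable = sample-app
readonly = ../etc
members = dev1@laptop ghost@nowhere
"""
SAMPLE_KEYS = {"admin@revision-control", "dev1@laptop", "intruder@LENOVOY460"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_KEYS):
        print("FINDING:", finding)
    updated = add_group(SAMPLE_CONF, "sample-app2", ["intruder@LENOVOY460"], SAMPLE_KEYS)
    print(updated)
    print(writers_of(updated))
```

Run against a real checkout by reading gitosis-admin/gitosis.conf into conf_text and building key_names from the .pub files in gitosis-admin/keydir; commit and push the edited gitosis.conf afterwards, since gitosis only applies the configuration from the admin repository's post-update hook, not from the working file.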
![Page 20: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/20.jpg)
Clone and Review
![Page 21: Code review and security audit in private cloud - Arief Karfianto](https://reader033.vdocuments.us/reader033/viewer/2022060201/559af1ee1a28abb2708b45a7/html5/thumbnails/21.jpg)
Thank You