Code Review and Security Audit in Private Cloud
@karfianto 
UKP4
About Me 
• UPN alumnus 
• civil servant 
• sysadmin 
• system analyst 
• app tester
Things I Like 
• foss 
• website optimization 
• system security 
• wireframing
Managed Projects 
data.id
Problems in App Development 
• design 
• functionality test 
• security test 
• maintenance
Problem: Maintenance 
From: sysadmin 
Hi Developers, 
There’s a bug in your app 
From: postmaster 
Error 
User not found dude@expert.com
Security Test 
• Blackbox 
• Greybox 
• Whitebox (Code Review)
Problem: Access to Source Code 
From: Developers 
Hi sysadmin, 
We found some bugs in the app, we will patch soon 
From: Sysadmin 
Hi developer, 
Username: root 
Password: 123456
Problem: No Changes History 
From: Developers 
Hi sysadmin, 
We found some bugs in the app, we will patch soon 
From: Sysadmin 
Hi developer, 
Please send me the changed php files.. 
500 Internal Server Error 
From: Sysadmin 
Hi developer, 
There’s another error after patching. Please roll them back ..!! 
Let’s Make Our Job Easier 
• Create source code repository 
• Use versioning 
• Control user access to the code 
• No access to production servers
Free Source Code Hosting
Make It Private 
• security 
• availability 
• policy compliance (e.g. iso27001)
...and Flexible 
Using Cloud Infrastructure 
• Flexible Resource 
• Cloning 
• High Availability 
• Snapshot and Restore
Model
How These Things Work 
• VPN Tunneling
Related Tools 
• Git : a version control system 
• Gitweb : the git web interface 
• Gitosis : repository access control 
• VPN & SSH : tunneled access
Creating a Repository 
root@revision-control ~# ./addrepo.sh 
Please enter repository name and description 
Name :sample-app2 
Description :Sample application 2.0 
Creating a repository... 
Initialized empty Git repository in /srv/repos/git/sample-app2/.git/ 
# On branch master 
# 
# Initial commit 
# 
nothing to commit (create/copy files and use "git add" to track) 
Cloning into bare repository repositories/sample-app2.git... 
done. 
warning: You appear to have cloned an empty repository. 
[Done]
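The addrepo.sh script itself is not shown on the slides, only its output. The following Python script is an added example, not the deck's script: it mirrors the steps visible in that output (initialise a working repository under /srv/repos/git/<name>, then make a bare clone under repositories/<name>.git) and adds the check a script that reads a repository name from a prompt should have, namely validating the name before it is used to build a filesystem path, so that a name like "../etc" cannot escape the base directories. The description file written for gitweb and the exact validation rule are assumptions.

```python
"""Create a project repository along the lines of the deck's addrepo.sh.

Added example, not the script from the slides. Assumptions: the two base
paths shown in the slide output, a <repo>.git/description file for gitweb,
and the repository-name rule below.
"""
import re
import subprocess
import sys
from pathlib import Path

WORK_BASE = Path("/srv/repos/git")   # working repo location from the slide output
BARE_BASE = Path("repositories")     # bare repo location from the slide output

# One leading alphanumeric, then up to 63 of [A-Za-z0-9._-]: no slashes,
# no whitespace, no shell metacharacters, no leading "-" (assumed rule).
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def valid_repo_name(name):
    """True only for names that cannot traverse out of the base directories."""
    return bool(NAME_RE.match(name)) and ".." not in name


def repo_paths(name, work_base=WORK_BASE, bare_base=BARE_BASE):
    """Return (working repo path, bare repo path) for a validated name."""
    if not valid_repo_name(name):
        raise ValueError(f"invalid repository name: {name!r}")
    return work_base / name, bare_base / f"{name}.git"


def create_repo(name, description, work_base=WORK_BASE, bare_base=BARE_BASE):
    """git init a working repo, then git clone --bare it, as addrepo.sh's output shows."""
    work, bare = repo_paths(name, work_base, bare_base)
    if work.exists() or bare.exists():
        raise FileExistsError(f"repository {name!r} already exists")
    work.mkdir(parents=True)
    bare.parent.mkdir(parents=True, exist_ok=True)
    subprocess.run(["git", "init", "-q", str(work)], check=True)
    subprocess.run(["git", "clone", "-q", "--bare", str(work), str(bare)], check=True)
    # gitweb shows the text of <repo>.git/description in its project list.
    (bare / "description").write_text(description.strip() + "\n")
    return bare


if __name__ == "__main__":
    print("Please enter repository name and description")
    repo_name = input("Name :").strip()
    repo_desc = input("Description :").strip()
    try:
        created = create_repo(repo_name, repo_desc)
    except (ValueError, FileExistsError, subprocess.CalledProcessError) as exc:
        sys.exit(f"error: {exc}")
    print(f"[Done] {created}")
```

Run it as root on the revision-control host, as the slide does; the interactive part only starts when the file is executed directly, so the validation helpers can also be imported and reused by other scripts.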
Gitosis Config 
Copy the public key to the server, then edit gitosis.conf: 
[group sample-app2] 
writable = sample-app2 
members = intruder@LENOVOY460 John@Doe.PC
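Once access is expressed in gitosis.conf, that file is what the "Control user access to the code" item boils down to, so it is worth auditing. The script below is an added example (not part of the deck and not gitosis's own code) that parses a gitosis.conf and answers, per repository, who can push and who can only read, and which listed members have no keydir/<member>.pub yet and therefore cannot actually authenticate. The sample configuration is constructed: it extends the slide's [group sample-app2] with a gitosis-admin group and a read-only reviewers group, using gitosis's readonly key and its @group member reference; the keydir layout (keydir/<member>.pub beside the config) is the one gitosis uses.

```python
"""Audit a gitosis.conf: per-repository access and members without keys.

Added example, not from the deck or from gitosis. Assumptions: INI syntax
with [group NAME] sections carrying members/writable/readonly, @NAME in
members referring to another group, keys at keydir/<member>.pub.
"""
import configparser
import sys
from pathlib import Path

# Constructed sample: the slide's group plus an admin and a reviewer group.
SAMPLE_CONF = """\
[gitosis]
gitweb = no
daemon = no

[group gitosis-admin]
writable = gitosis-admin
members = admin@revision-control

[group sample-app2]
writable = sample-app2
members = intruder@LENOVOY460 John@Doe.PC

[group reviewers]
readonly = sample-app2
members = auditor@audit-box @gitosis-admin
"""


def parse_groups(text):
    """Return {group: {"members": [...], "writable": [...], "readonly": [...]}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    groups = {}
    for section in cp.sections():
        if not section.startswith("group "):
            continue  # [gitosis] and [repo ...] sections carry no access rules
        name = section[len("group "):].strip()
        groups[name] = {
            "members": cp.get(section, "members", fallback="").split(),
            "writable": cp.get(section, "writable", fallback="").split(),
            "readonly": cp.get(section, "readonly", fallback="").split(),
        }
    return groups


def expand_members(groups, name, seen=None):
    """Resolve @group references recursively; 'seen' guards against cycles."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    members = set()
    for member in groups.get(name, {}).get("members", []):
        if member.startswith("@"):
            members |= expand_members(groups, member[1:], seen)
        else:
            members.add(member)
    return members


def access_matrix(groups):
    """Return {repo: {"write": set(members), "read": set(members)}}."""
    matrix = {}
    for gname, group in groups.items():
        members = expand_members(groups, gname)
        for repo in group["writable"]:
            entry = matrix.setdefault(repo, {"write": set(), "read": set()})
            entry["write"] |= members
        for repo in group["readonly"]:
            entry = matrix.setdefault(repo, {"write": set(), "read": set()})
            entry["read"] |= members
    return matrix


def missing_keys(groups, keydir):
    """Members named in any group that have no keydir/<member>.pub file."""
    everyone = set()
    for gname in groups:
        everyone |= expand_members(groups, gname)
    return sorted(m for m in everyone if not (Path(keydir) / f"{m}.pub").is_file())


if __name__ == "__main__":
    # Usage: audit_gitosis.py [path/to/gitosis.conf]; defaults to the sample.
    conf_path = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    text = conf_path.read_text() if conf_path else SAMPLE_CONF
    keydir = conf_path.parent / "keydir" if conf_path else Path("keydir")
    groups = parse_groups(text)
    for repo, acl in sorted(access_matrix(groups).items()):
        print(f"{repo}: write={sorted(acl['write'])} read={sorted(acl['read'])}")
    print("members without a public key:", missing_keys(groups, keydir))
```

The write list per repository is the one to review regularly: it is the full set of keys that can change the code the sysadmin will later deploy, which is what replaced the shared root password in the earlier slides.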
Clone and Review
Thank You

Code review and security audit in private cloud - Arief Karfianto