Assign reading?

System diagram: Person --> Browser --> Clojure .... --> clojars --> XSS, DNS, IP

Notes:
- "Friend is intended to provide a foundation for addressing all of the security concerns associated with web apps" -- "All"?
- Channel security; user-agent authentication
- Features vs. guarantees!!!
- Internal app structure & communications?
- Despite what adversary powers?
- Access control? Auditing? Physical controls?
- Awareness, justification, economy, craft, coherence
- Trustworthy software
- Interpreters and structure-breaking: parsing of the Authorization header... weird machines
- Chain of trust: clojars
  http://docs.codehaus.org/display/MAVEN/Repository+Security
  https://github.com/technomancy/leiningen/blob/master/src/leiningen/deps.clj
  Compare to Debian / Fedora...
  https://groups.google.com/forum/m/#!topic/clojure/AsPs9ZonRPQ/discussion
  http://branchandbound.net/blog/security/2012/08/verify-dependencies-using-pgp/
  http://stackoverflow.com/questions/7094035/how-secure-is-using-maven
- Passwords in source code; debug interfaces? Weak passwords. Passwords?! :-)
- OWASP?
- Oracles: disclosure via error messages
- Unsafe interactions?
- HashDoS
- CRIME, BEAST
- Message authentication; replay of messages relayed via the browser. Inspired by SASL?
- Control of default requirements for authorization? Require routes to be authorized for the minimum
- DNS + CAs -- Google + TURKTRUST
- http://www.dotnetnoob.com/2012/09/security-through-http-response-headers.html?m=1
- PII, EU privacy, cookies

Ring review
-----------------
- Cookie encryption: https://github.com/ring-clojure/ring/blob/master/ring-core/src/ring/middleware/session/cookie.clj
  AES-CBC with PKCS#5 padding..., HMAC-SHA256, SecureRandom (SHA1PRNG); encrypt-then-MAC.
  Attempted constant-time comparison. (Successful? Compiler- and implementation-defined behaviour? How do I test this?)
  Swapping of key material? Cannot do pinned memory? (Ekobrin)
- What about cookie length limits? Memory limits? Slow-request killing? Crash rejection? Load reporting?
- How are requests mapped to computational resources? Handled by the servlet container. DoS by holding connections open?
- MIME type sniffing? Unsafe interactions.
- Ring middleware for anti-XSS headers / outbound WAF?
- Where is the interactive form actually created? User-provided. Taint propagation through metadata?
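As an added illustration for the cookie-encryption notes above (written for these notes, not Ring's own code), here is a Clojure sketch of the encrypt-then-MAC construction the review describes, built on the JDK's javax.crypto: AES-CBC with PKCS5 padding, HMAC-SHA256 over IV plus ciphertext, and the tag checked before anything is decrypted. Instead of a hand-rolled constant-time loop (the "how do I test this?" question), it uses MessageDigest/isEqual, which the JDK specifies as a time-constant comparison. The use of two separate keys, the token layout (base64 of iv || ciphertext || tag), the key sizes and the `tamper` helper are assumptions made for this example.

```clojure
(ns cookie-review
  (:import [javax.crypto Cipher Mac]
           [javax.crypto.spec SecretKeySpec IvParameterSpec]
           [java.security SecureRandom MessageDigest]
           [java.util Arrays Base64]))

(defn random-bytes
  "n bytes from SecureRandom (used for the IV and the demo keys)."
  [n]
  (let [b (byte-array n)]
    (.nextBytes (SecureRandom.) b)
    b))

(defn- hmac-sha256 ^bytes [^bytes key ^bytes data]
  (let [mac (Mac/getInstance "HmacSHA256")]
    (.init mac (SecretKeySpec. key "HmacSHA256"))
    (.doFinal mac data)))

(defn seal
  "Encrypt-then-MAC: AES-CBC(plaintext) under enc-key, then HMAC-SHA256 over
   iv||ciphertext under mac-key. Returns base64(iv || ciphertext || tag).
   Layout is an assumption for this example."
  [^bytes enc-key ^bytes mac-key ^bytes plaintext]
  (let [iv     (random-bytes 16)
        cipher (Cipher/getInstance "AES/CBC/PKCS5Padding")]
    (.init cipher Cipher/ENCRYPT_MODE (SecretKeySpec. enc-key "AES") (IvParameterSpec. iv))
    (let [ct   (.doFinal cipher plaintext)
          body (byte-array (concat iv ct))
          tag  (hmac-sha256 mac-key body)]
      (.encodeToString (Base64/getEncoder) (byte-array (concat body tag))))))

(defn unseal
  "Verify the tag first (MessageDigest/isEqual is the JDK's constant-time
   compare), decrypt only on success, return nil otherwise. Because the MAC
   is checked before decryption, padding errors can only arise for
   authentic tokens, so there is no padding oracle to probe."
  [^bytes enc-key ^bytes mac-key ^String token]
  (let [^bytes raw (.decode (Base64/getDecoder) token)
        n          (alength raw)]
    ;; Minimum well-formed size: 16-byte IV + one 16-byte block + 32-byte tag.
    (when (>= n 64)
      (let [^bytes body (Arrays/copyOfRange raw 0 (- n 32))
            ^bytes tag  (Arrays/copyOfRange raw (- n 32) n)]
        (when (MessageDigest/isEqual tag (hmac-sha256 mac-key body))
          (let [iv     (Arrays/copyOfRange body 0 16)
                ct     (Arrays/copyOfRange body 16 (alength body))
                cipher (Cipher/getInstance "AES/CBC/PKCS5Padding")]
            (.init cipher Cipher/DECRYPT_MODE (SecretKeySpec. enc-key "AES") (IvParameterSpec. iv))
            (.doFinal cipher ct)))))))

(defn tamper
  "Demo helper (assumption): flip one bit inside the ciphertext portion so
   the token is still well-formed but no longer authentic."
  [^String token]
  (let [^bytes raw (.decode (Base64/getDecoder) token)]
    (aset-byte raw 20 (unchecked-byte (bit-xor (aget raw 20) 1)))
    (.encodeToString (Base64/getEncoder) raw)))

(defn demo
  "Round-trip a constructed session value, then show that a single flipped
   bit is rejected before decryption."
  []
  (let [enc-key (random-bytes 16)                       ; AES-128 key
        mac-key (random-bytes 32)                       ; separate HMAC key
        token   (seal enc-key mac-key (.getBytes "session-id=abc" "UTF-8"))
        opened  (unseal enc-key mac-key token)]
    {:round-trip (when opened (String. ^bytes opened "UTF-8"))
     :tampered   (unseal enc-key mac-key (tamper token))}))
```

Calling `(demo)` returns the original session string under `:round-trip` and `nil` under `:tampered`. The ordering in `unseal` is the point of the encrypt-then-MAC notes: the only computation an attacker can drive with a forged cookie is one HMAC plus a constant-time comparison, never a decryption whose padding failure might leak.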