Chris Riley

Nuclear powered software security by Chris Riley

It seems to be almost a weekly occurrence that another company makes the news headlines for being hacked and in the process disclosing sensitive user data and company secrets. These security meltdowns can cause catastrophic effects to the company in lost user trust and huge costs putting things right.

A nuclear power plant is considered one of the most dangerous things mankind has built, yet they very rarely go wrong. The systems engineering that goes into making nuclear power plants safe is a fascinating topic to study but on the surface it seems entirely irrelevant to PHP developers.

In this talk I'm going to show you how this level of safety is achieved, what happens when it goes wrong and then see what lessons we, as PHP developers, can learn from it to help us secure our applications from meltdown.

Talk Questions

  • Question 274
    I hope that on another part of the world, there is a talk of nuclear energy safety that has a software security introduction
  • Question 292
    Could an sql injection be equivalent to radon nucleus poisoning? Having the passwords of the infrastructure in plain text in project configuration files, is it like having graphite on the roof?
  • Question 283
    Was php behind the chernobyl incident??
  • Question 278
    I want one of those elephants. Do you raffle them? -L
  • Question 296
    Am I the only one that finds this well presented nuclear security comparison fantastic?
  • Question 318
    What kind of tools do you use to analyze PHP regarding security?
  • Question 319
    For administrator passwords which is the best encrypt algorithm to store in db system or other system?
  • Question 307
    Just press AZ-5.
  • Question 341
    Is it safe to Split a nuclear plant on a microservice architecture?
  • Question 336
    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.
  • Question 348
    How prevent vulnerabilities in external library?
  • Question 305
    Planes and nuclear talk, hello NSA
  • Question 384
    Chris, nice talk, insightfull for those actually want to learn and develop themselves. The nuclear comparison works great. Thanks!
  • Question 367
    Which open source tools are to do vulnerability assessment, or which ones recomends you?
  • Question 392
    Nice Talk Chris, I like it a lot!
  • Question 327
    https://www.iaea.org/topics/security-aspects
  • Question 364
    You could have added an example with PHP code that compromised or even damaged physical components. Can you provide one?
  • Question 395
    Good talk dude
  • Question 338
    What ways can be used to compromise or damage physical system, in order to prevent them?