WEBVTT NOTE This file was generated by Descript 00:00:00.000 --> 00:00:03.450 Raphaƫl: Welcome back to our series on EC's methodology. 00:00:03.950 --> 00:00:06.920 Last time we talked about containers today. 00:00:06.979 --> 00:00:08.269 We're talking about security. 00:00:08.769 --> 00:00:13.809 You are always going to have security concerns, but you can do your best to 00:00:13.809 --> 00:00:18.069 address obvious ones early and keep track of them as you work on your project. 00:00:18.570 --> 00:00:22.650 There are always going to be attack vectors that you, or the tools that 00:00:22.650 --> 00:00:24.419 you depend on haven't considered. 00:00:24.919 --> 00:00:27.409 While you cannot control what you don't know. 00:00:27.469 --> 00:00:30.139 You can take steps to avoid surprises. 00:00:30.639 --> 00:00:34.900 As you're developing your app, always make sure to keep access locked 00:00:34.900 --> 00:00:38.889 down by default, whether that's data or servers or anything else. 00:00:39.389 --> 00:00:43.949 From there you'll incrementally open it up to people who require access. 00:00:44.249 --> 00:00:48.450 If you do the reverse, have an open system and incrementally lock it down, 00:00:48.630 --> 00:00:52.380 you're almost guaranteed to leak some data at some point somewhere somehow. 00:00:52.620 --> 00:00:53.339 It's going to happen. 00:00:53.879 --> 00:00:57.829 As you're configuring your infrastructure, you'll also want to make sure to think 00:00:57.829 --> 00:01:02.059 about locking down traffic between services and with the public internet. 00:01:02.559 --> 00:01:07.810 In AWS in its most basic form that might mean using things like security groups. 00:01:08.110 --> 00:01:13.360 On DigitalOcean that might mean using their cloud firewalls service. 00:01:13.797 --> 00:01:18.477 In either case we like to use tools like CloudFlare to mitigate against 00:01:18.507 --> 00:01:22.497 things like distributed denial of service attacks and other things. 00:01:22.916 --> 00:01:27.506 You'll also want to make sure that you keep access to servers locked down. 00:01:28.006 --> 00:01:31.066 In AWS that might mean making sure that the people who have 00:01:31.066 --> 00:01:36.286 access to the keys to SSH into a server is as limited as possible. 00:01:36.586 --> 00:01:40.666 You will also want to make sure that you're using, IAM policies to restrict 00:01:40.666 --> 00:01:43.396 access to services and resources. 00:01:43.896 --> 00:01:47.226 Always keep access as limited as possible. 00:01:47.726 --> 00:01:50.726 It might seem basic, but another thing that's worth mentioning 00:01:50.726 --> 00:01:52.826 is do not password share. 00:01:53.156 --> 00:01:56.156 We have seen people do this in the past, and it's always a mess. 00:01:56.186 --> 00:01:58.976 Sometimes you have a team member who leaves and you 00:01:58.976 --> 00:02:00.296 shared the password with them. 00:02:00.596 --> 00:02:05.096 Now everyone needs to update the password for their own use. 00:02:05.336 --> 00:02:07.016 And it's just not efficient. 00:02:07.016 --> 00:02:08.246 It's not safe. 00:02:08.306 --> 00:02:11.966 Make sure that if you're using a service that requires multiple people 00:02:11.966 --> 00:02:16.376 to interact with one resource that you invite them through their team features 00:02:16.526 --> 00:02:21.026 so that you can easily revoke access to specific people when they leave the team. 00:02:21.326 --> 00:02:24.506 We understand that that usually means an increased cost, but 00:02:24.536 --> 00:02:26.096 believe me, it's worth it. 00:02:26.596 --> 00:02:29.986 If you found this helpful, and you want to learn more about how we build apps 00:02:29.986 --> 00:02:35.206 or more generally how app development works, we've put together a free PDF 00:02:35.446 --> 00:02:39.076 that explains our process and some other stuff that you might want to learn about. 00:02:39.576 --> 00:02:43.206 We also want to know what has your experience been with security? 00:02:43.536 --> 00:02:45.276 What things would you recommend? 00:02:45.776 --> 00:02:46.346 Follow us. 00:02:46.346 --> 00:02:49.856 If you want to keep up with this series, we have a lot more to share, 00:02:49.856 --> 00:02:52.586 and we're always updating our processes. 00:02:52.586 --> 00:02:56.186 As we learn from ourselves, our community and our partners. 00:02:56.686 --> 00:02:59.776 If you think we could work together, we'd love to partner with you and 00:02:59.776 --> 00:03:01.966 help you out with your next project. 00:03:02.506 --> 00:03:04.366 Thanks and see you next time.