IT security for all. Bootcamp slides

Post on 19-Jun-2015


IT security for startups all

Bootcamp, MIPT, 21/12/2013

BIO

• Whitehat (Facebook, Google, Yandex rewards)

• Security researcher

• CEO

• @d0znpp

Security?

• Not for our budget now

• Does not affect revenue

• We are not interesting to hackers

• No one has hacked us before

• Rocket science

• QA job

Security!

• We have a firewall

• We have an admin

• We have antivirus

• All is OK

Security!

• External network level

• Application layer

• Internal network layer

• Staff awareness

Best practice!

Security is like bookkeeping

• A process

• Nondiscrete

• You cannot start it retroactively

Enterprise way

• SDL - Security Development Lifecycle

• Works, but hard to implement

All in the cloud!

Why do I need security?

Typical cases

• Marketing site (almost static content)

• Cloud CRM

• Cloud mail

• Cloud dev (GitHub/Bitbucket private repos)

• And what about DNS?

• What about the integration between them?

• What about client-side security?

PCI DSS!

Our payments are protected

Typical cases

• «These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step»

• And what about other information?

• What about MY data/money?

• Nothing...

Platform (CMS, framework, etc.) based application!

Our security depends on the platform's security

Typical cases

• On what basis did you choose the platform?

• Does your platform have a security guide?

• Have you read it?

• Do you understand all of it?

• Can your application run on the new version of the platform?

A little history

• HTTP - 1991, for linking scientific articles

• PHP - Personal Home Pages

• ...

Typical questions after security audit

• Why is it so easy to hack us?

• Why hasn't this been done before?

• How do we know whether someone has done it before?

What can I do now?

• Scan your addresses with nmap -p1-65535

• Add nmap scanning to QA tests

• Create a «Security basics» page in your wiki

• http://en.wikipedia.org/wiki/Cross-site_scripting

• http://en.wikipedia.org/wiki/Cross-site_request_forgery

• ...
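The first two items above, turned into a pass/fail QA check (added example, not from the slides): it parses the grepable output of `nmap -p1-65535 -oG` and fails when a host exposes a port outside an agreed allowlist. The address, ports and allowlist are constructed sample data.

```shell
#!/usr/bin/env bash
# Added example, not from the slides: turns "add nmap scanning to QA tests" into a
# pass/fail check. It reads nmap's grepable output (nmap -p1-65535 -oG scan.gnmap <addr>)
# and fails when a host exposes a TCP port that is not on an agreed allowlist.
# The scan file and allowlist below are constructed sample data.
export LC_ALL=C   # stable sort order for comm

# Print "host port" for every open port in an -oG file, one pair per line, sorted.
open_ports() {
    awk '/Ports:/ {
        host = $2                       # "Host: 192.0.2.10 () Ports: ..."
        sub(/.*Ports: /, "")
        n = split($0, entries, ",")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")   # port/state/protocol/...
            gsub(/ /, "", f[1])
            if (f[2] == "open") print host, f[1]
        }
    }' "$1" | sort
}

# Return 0 when every open port is allowlisted; otherwise print the
# unexpected "host port" pairs and return 1.
check_allowlist() {
    scan="$1"; allow="$2"
    sorted_allow=$(mktemp)
    sort "$allow" > "$sorted_allow"
    bad=$(open_ports "$scan" | comm -23 - "$sorted_allow")
    rm -f "$sorted_allow"
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample: a marketing site that should only expose 22 and 80,
# but the scan also finds MySQL listening on the public address.
WORK=$(mktemp -d)
SCAN_FILE="$WORK/scan.gnmap"
ALLOW_FILE="$WORK/allowed-ports"
cat > "$SCAN_FILE" <<'EOF'
# Nmap scan initiated (constructed sample) as: nmap -p1-65535 -oG scan.gnmap 192.0.2.10
Host: 192.0.2.10 () Status: Up
Host: 192.0.2.10 () Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql/// Ignored State: closed (65532)
EOF
printf '192.0.2.10 22\n192.0.2.10 80\n' > "$ALLOW_FILE"

check_allowlist "$SCAN_FILE" "$ALLOW_FILE" || echo "QA: unexpected open ports above; fail the build"
```

In a real pipeline, replace the sample file with the output of a scan of your own addresses and let the non-zero exit status fail the job.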

Q/A or QA ;)

Contact anytime:

• in@wallarm.com

• @d0znpp