IT security for all. Bootcamp slides

Date post: 19-Jun-2015
Upload: wallarm

Page 1: IT security for all. Bootcamp slides

IT security for startups all

Bootcamp, MIPT, 21/12/2013

Page 2

BIO

• Whitehat (Facebook, Google, Yandex rewards)

• Security researcher

• CEO

• @d0znpp

Page 3

Security?

• Not in our budget right now

• Doesn't affect revenue

• We are not interesting to hackers

• No one has hacked us before

• Rocket science

• QA job

Page 4

Security!

• We have a firewall

• We have an admin

• We have antivirus

• All is OK

Page 5

Security!

• External network layer

• Application layer

• Internal network layer

• Staff awareness

Page 6

Page 7

Best practice!

Page 8

Security is like bookkeeping

• A process

• Continuous, not a one-off

• You cannot start it retroactively

Page 9

Enterprise way

• SDL - Security Development Lifecycle

• Works, but hard to implement

Page 10

All in the cloud!

What do I need security for?

Page 11

Typical cases

• Marketing site (almost static content)

• Cloud CRM

• Cloud mail

• Cloud dev (GitHub/Bitbucket private repos)

• And what about DNS?

• What about the integration between them?

• What about client-side security?

Page 12

PCI DSS!

Our payments are protected

Page 13

Typical cases

• «These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step»

• And what about other information?

• What about MY data/money?

• Nothing...

Page 14

Platform (CMS, framework, etc.) based application!

Our security depends on the platform's security

Page 15

Typical cases

• On what basis did you choose the platform?

• Does your platform have a security guide?

• Have you read it?

• Do you understand all of it?

• Can your application run on the latest version of that platform?

Page 16

A little history

• HTTP - 1991, for linking scientific articles

• PHP - Personal Home Pages

• ...

Page 17

Typical questions after security audit

• Why is it so easy to hack us?

• Why wasn't this done before?

• How do we know whether someone already did it?

Page 18

What can I do now?

• Scan your addresses using nmap -p1-65535

• Add nmap scanning to QA tests

• Create «Security basics» page in your Wiki

• http://en.wikipedia.org/wiki/Cross-site_scripting

• http://en.wikipedia.org/wiki/Cross-site_request_forgery

• ...
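The two nmap bullets above amount to a port-exposure regression test: scan your own addresses, compare what is open against what is supposed to be open, and fail the build on any difference. The script below is an added example, not code from the slides or from the presenter; it parses nmap's grepable output (`nmap -p1-65535 -oG -`) and checks it against a baseline of expected ports. The sample scan output, the 192.0.2.x addresses and the baseline itself are constructed for this example and are assumptions, not values from the slides.

```python
"""Added example: turn an nmap scan into a QA regression test.

Parses nmap's grepable output (nmap -p1-65535 -oG <file> <hosts>) and
fails when a host exposes an open TCP port that is not in the expected
baseline. Sample output, addresses and baseline are constructed here
and are assumptions, not values from the slides.
"""
import re
import sys
from typing import Dict, Set

# Constructed sample of `nmap -p1-65535 -oG -` output for two hosts
# (documentation addresses from 192.0.2.0/24; not real hosts).
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated Sat Dec 21 10:00:00 2013 as: nmap -p1-65535 -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (65532)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65532)
# Nmap done at Sat Dec 21 10:05:00 2013 -- 2 IP addresses (2 hosts up) scanned in 300.00 seconds
"""

# Assumed baseline: the ports each host is *supposed* to expose. This is
# the kind of fact that belongs on the "Security basics" wiki page the
# slides recommend creating.
BASELINE: Dict[str, Set[int]] = {
    "192.0.2.10": {22, 80, 443},
    "192.0.2.11": {22},  # database host: 3306 must not be reachable externally
}

# One entry of the grepable "Ports:" field looks like 22/open/tcp//ssh///
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//")


def parse_gnmap(text: str) -> Dict[str, Set[int]]:
    """Return {host: set of open TCP ports} from grepable nmap output."""
    open_ports: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' comment lines
        host = line.split()[1]
        open_ports.setdefault(host, set())
        # Remaining tab-separated fields are "Name: value" pairs
        fields = dict(f.split(": ", 1) for f in line.split("\t")[1:])
        for port, state, proto in PORT_RE.findall(fields.get("Ports", "")):
            if state == "open" and proto == "tcp":
                open_ports[host].add(int(port))
    return open_ports


def unexpected_ports(scan: Dict[str, Set[int]],
                     baseline: Dict[str, Set[int]]) -> Dict[str, Set[int]]:
    """Open ports the baseline does not allow. A host missing from the
    baseline is treated as allowing nothing, so new hosts also fail."""
    findings: Dict[str, Set[int]] = {}
    for host, ports in scan.items():
        extra = ports - baseline.get(host, set())
        if extra:
            findings[host] = extra
    return findings


def check(text: str, baseline: Dict[str, Set[int]] = BASELINE) -> bool:
    """QA gate: True only when every open port is an expected one."""
    return not unexpected_ports(parse_gnmap(text), baseline)


if __name__ == "__main__":
    # Usage: nmap -p1-65535 -oG scan.gnmap <hosts> && python check_ports.py scan.gnmap
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GNMAP
    findings = unexpected_ports(parse_gnmap(data), BASELINE)
    for host, ports in sorted(findings.items()):
        print(f"FAIL {host}: unexpected open ports {sorted(ports)}")
    sys.exit(1 if findings else 0)
```

Run on the constructed sample, the check fails on 192.0.2.11 because 3306 is open while the baseline allows only 22; the filtered 8080 entry is ignored, since only `open` TCP entries count. Wired into a CI job with a real scan file, a non-zero exit turns an unplanned exposure into a failed test rather than a finding in the next audit.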

Page 19

Q/A or QA ;)

Contact anytime:

[email protected]

• @d0znpp
