IT security for all. Bootcamp slides
Presentation Transcript

  • IT security for startups / all. Bootcamp, MIPT, 21/12/2013
  • BIO
    • Whitehat (Facebook, Google, Yandex rewards)
    • Security researcher
    • CEO
    • @d0znpp
  • Security?
    • Not for our budget now
    • Does not affect revenue
    • We are not interesting to hackers
    • No one has hacked us before
    • Rocket science
    • A QA job
  • Security!
    • We have a firewall
    • We have an admin
    • We have an antivirus
    • All is OK
  • Security!
    • External network level
    • Application layer
    • Internal network layer
    • Staff awareness
  • Best practice!
  • Security is like bookkeeping
    • A process
    • Not discrete
    • You cannot start it retroactively
  • Enterprise way
    • SDL: security development lifecycle
    • Works, but hard to implement
  • All in clouds! So what do I need security for?
  • Typical cases
    • Marketing site (almost static content)
    • Cloud CRM
    • Cloud mail
    • Cloud dev (GitHub/Bitbucket private repos)
    • And what about DNS?
    • What about the integration between them?
    • What about client-side security?
  • PCI DSS! Our payments are protected
  • Typical cases
    • «These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step»
    • And what about other information?
    • What about MY data/money?
    • Nothing...
  • Platform (CMS, framework, etc.) based application: our security depends on the platform's security
  • Typical cases
    • On what basis did you choose the platform?
    • Does your platform have a security guide?
    • Have you read it?
    • Do you understand all of it?
    • Can your application run on the new version of the same platform?
  • A little history
    • HTTP: 1991, for links between science articles
    • PHP: Personal Home Pages
    • ...
  • Typical questions after a security audit
    • Why is it so easy to hack us?
    • Why hasn't this been done before?
    • How do we know whether someone did it earlier?
  • What can I do now?
    • Scan your addresses using nmap -p1-65535
    • Add nmap scanning to QA tests
    • Create a «Security basics» page in your Wiki
    • http://en.wikipedia.org/wiki/Cross-site_scripting
    • http://en.wikipedia.org/wiki/Cross-site_request_forgery
    • ...
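The slide says to scan your own addresses with nmap and put that scan into the QA tests, but does not show what the test asserts. The following added example (not part of the slide deck or the speaker's material) shows one way to do that: it parses nmap's grepable output (`nmap -p1-65535 -oG - <targets>`), compares the open ports per host against an allowlist of ports the team expects to expose, and fails when anything else is open. The nmap output and the allowlist below are constructed for the example; in a real pipeline the output would come from running nmap against your own hosts.

```python
"""QA check: fail when one of our hosts exposes a port not on the allowlist.

Added example, not from the slides. Parses `nmap -oG -` (grepable) output.
"""
import re
import sys

# Constructed sample of `nmap -p1-65535 -oG -` output (not a real scan).
SAMPLE_NMAP_OG = """\
# Nmap 7.94 scan initiated as: nmap -p1-65535 -oG - 10.0.0.5 10.0.0.6
Host: 10.0.0.5 (www.example.test)\tStatus: Up
Host: 10.0.0.5 (www.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (65531)
Host: 10.0.0.6 (db.example.test)\tStatus: Up
Host: 10.0.0.6 (db.example.test)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 5432/filtered/tcp//postgresql///\tIgnored State: closed (65532)
# Nmap done
"""

# Hypothetical allowlist: (port, proto) pairs each host is expected to expose.
# A host missing from the allowlist is treated as "nothing expected".
ALLOWLIST = {
    "10.0.0.5": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "10.0.0.6": {(22, "tcp")},
}

# One -oG port entry looks like: port/state/protocol/owner/service/rpc/version/
# state may contain a pipe, e.g. "open|filtered".
_PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/[^/]*/([^/]*)/")


def parse_grepable(text):
    """Return {host_ip: {(port, proto): (state, service)}} from -oG output."""
    found = {}
    for line in text.splitlines():
        # Only "Host:" lines that carry a "Ports:" field describe open ports.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = _PORT_RE.search(entry.strip())
            if m:
                port, state, proto, service = m.groups()
                found.setdefault(ip, {})[(int(port), proto)] = (state, service)
    return found


def unexpected_ports(found, allowlist):
    """List (host, port, proto, service) for open ports outside the allowlist."""
    findings = []
    for ip, ports in found.items():
        allowed = allowlist.get(ip, set())
        for (port, proto), (state, service) in sorted(ports.items()):
            # Only definitely-open ports fail the test; filtered ones are
            # reported by nmap but are not reachable services.
            if state == "open" and (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings


def run_check(text=SAMPLE_NMAP_OG, allowlist=ALLOWLIST):
    """Print every unexpected exposure and return the list (empty = pass)."""
    findings = unexpected_ports(parse_grepable(text), allowlist)
    for ip, port, proto, service in findings:
        print(f"UNEXPECTED: {ip} {port}/{proto} ({service})")
    return findings


if __name__ == "__main__":
    # In CI: nmap -p1-65535 -oG - <hosts> | python check_ports.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NMAP_OG
    sys.exit(1 if run_check(data) else 0)
```

On the constructed sample the check flags 8080/tcp on the web host and 3306/tcp on the database host, and ignores the filtered 5432/tcp. Keeping the allowlist in version control next to the test means any new exposure has to be reviewed as a code change, which is the "nondiscrete process" the earlier slide asks for; hosts that are down at scan time produce no "Ports:" line and therefore no findings, so a separate liveness check is still needed.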
  • Q/A or QA ;) Contact anytime:
    • in@wallarm.com
    • @d0znpp