• A process
• You cannot start it retroactively
• SDL - security development lifecycle
• Works but hard to implement
All in the cloud!
What I need
• Marketing site (almost static content)
• Cloud CRM
• Cloud mail
• Cloud dev (GitHub/Bitbucket private repos)
• And what about DNS?
• What about integration between them?
• What about client-side security?
• «These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step»
• And what about other information?
• What about MY data/money?
framework, etc) based
Our security depends on platform security
• On what basis did you choose the
• Does your platform have a security guide?
• Have you read it?
• Do you understand all of it?
• Can your application run on the new version of the same?
A little history
• HTTP - 1991, for links in scientific articles
• PHP - Personal Home Pages
Typical questions after
• Why was it so easy to hack us?
• Why has this not been done before?
• How do we know whether it's someone
What can I do now?
• Scan your addresses using nmap -p1-65535
• Add nmap scanning to QA tests
• Create a «Security basics» page in your wiki
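
One way to add the nmap scan to QA tests, as an added example that is not from the original slides: parse nmap's grepable output and fail the run when a host exposes a port that is not on an allowlist. The allowlist, the host names and the sample scan output are constructed for illustration.

```python
import subprocess
import sys

# Constructed `nmap -oG -` (grepable) output; addresses are documentation ranges.
SAMPLE_GREPABLE = (
    "Host: 203.0.113.10 (www.example.test)\tStatus: Up\n"
    "Host: 203.0.113.10 (www.example.test)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (65532)\n"
    "Host: 203.0.113.11 (mail.example.test)\tPorts: 25/open/tcp//smtp///, "
    "8080/filtered/tcp//http-proxy///\tIgnored State: closed (65533)\n"
)
# Hypothetical allowlist: the ports each host is supposed to expose.
ALLOWED = {"203.0.113.10": {80, 443}, "203.0.113.11": {25}}

def parse_open_ports(grepable):
    """Return {host: set of open TCP ports} from nmap grepable output."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            # Each entry is port/state/protocol/owner/service/rpcinfo/version/
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    result.setdefault(host, set()).add(int(parts[0]))
    return result

def unexpected_ports(open_ports, allowed):
    """Return {host: sorted ports} that are open but not allowlisted."""
    findings = {}
    for host, ports in open_ports.items():
        extra = ports - allowed.get(host, set())
        if extra:
            findings[host] = sorted(extra)
    return findings

if __name__ == "__main__":
    output = SAMPLE_GREPABLE
    if sys.argv[1:]:  # targets given: scan your own addresses instead
        cmd = ["nmap", "-p1-65535", "-oG", "-", *sys.argv[1:]]
        output = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    findings = unexpected_ports(parse_open_ports(output), ALLOWED)
    for host, ports in findings.items():
        print(f"FAIL {host}: unexpected open ports {ports}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status is what makes the QA job fail; a host missing from the allowlist is treated as having no permitted ports.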
Q/A or QA ;)