IT security for all. Bootcamp slides



  1. IT security for startups all. Bootcamp, MIPT, 21/12/2013
  2. BIO • Whitehat (Facebook, Google, Yandex rewards) • Security researcher • CEO • @d0znpp
  3. Security? • Not in our budget right now • Does not affect revenue • We are not interesting to hackers • No one has hacked us before • Rocket science • A QA job
  4. Security! • We have a firewall • We have an admin • We have antivirus • All is OK
  5. Security! • External network level • Application layer • Internal network layer • Staff awareness
  6. Best practice!
  7. Security is like bookkeeping • A process • Non-discrete • You cannot start it retroactively
  8. Enterprise way • SDL: security development lifecycle • Works, but hard to implement
  9. All in the cloud! What do I need security for?
  10. Typical cases • Marketing site (almost static content) • Cloud CRM • Cloud mail • Cloud dev (GitHub/Bitbucket private repos) • And what about DNS? • What about the integration between them? • What about client-side security?
  11. PCI DSS! Our payments are protected
  12. Typical cases • «These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step» • And what about other information? • What about MY data/money? • Nothing...
  13. Platform-based application (CMS, framework, etc.). Our security depends on the platform's security
  14. Typical cases • On what basis did you choose the platform? • Does your platform have a security guide? • Have you read it? • Do you understand all of it? • Can your application run on the new version of the same platform?
  15. A little history • HTTP: 1991, for links between scientific articles • PHP: Personal Home Pages • ...
  16. Typical questions after a security audit • Why was it so easy to hack us? • Why wasn't this done before? • How do we know whether someone did it earlier?
  17. What can I do now? • Scan your addresses using nmap -p1-65535 • Add nmap scanning to QA tests • Create a «Security basics» page in your wiki • http://en.wikipedia.org/wiki/Crosssite_scripting • http://en.wikipedia.org/wiki/Crosssite_request_forgery • ...
  18. Q/A or QA ;) Contact anytime: • in@wallarm.com • @d0znpp
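Slide 17's advice (scan your own addresses with nmap -p1-65535 and put the scan into QA) as a repeatable check; this is an added example, not part of the slides or of any project the speaker mentions. It parses nmap's grepable output (the -oG option) and fails when an open TCP port is missing from an allowlist; the hosts, scan output and allowlist below are constructed.

```shell
#!/bin/sh
# Added example: check a port scan of your own hosts against an allowlist of
# expected open ports, so the scan can run as a QA test. Input comes from the
# slide's command saved in grepable format: nmap -p1-65535 -oG scan.gnmap <hosts>

# Constructed sample in -oG format standing in for a real scan.gnmap; the
# first host exposes MySQL (3306), which the allowlist below does not permit.
SAMPLE_SCAN='# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (www.example.test) Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql/// Ignored State: closed (65531)
Host: 203.0.113.11 (mail.example.test) Ports: 25/open/tcp//smtp///, 993/open/tcp//imaps/// Ignored State: closed (65533)
# Nmap done (constructed sample)'

# Assumed allowlist: one "host port" pair per line for each port meant to be reachable.
ALLOWLIST='203.0.113.10 22
203.0.113.10 80
203.0.113.10 443
203.0.113.11 25
203.0.113.11 993'

# Print "host port" for every open TCP port in -oG output read from stdin.
open_ports() {
  awk '$1 == "Host:" {
    host = $2
    for (i = 3; i <= NF; i++) {
      tok = $i
      sub(/,$/, "", tok)                    # drop the list separator
      if (tok ~ /^[0-9]+\/open\/tcp\//) {   # state "open", protocol tcp
        split(tok, p, "/")
        print host, p[1]
      }
    }
  }'
}

# Print every open port in the scan file ($2) not covered by the allowlist
# file ($1); succeed only when nothing unexpected is listening.
unexpected_ports() {
  ! open_ports < "$2" | sort -u | grep -vxF -f "$1"
}

# Stand-alone run on the constructed sample: prints "203.0.113.10 3306", returns 1.
run_sample() {
  dir=$(mktemp -d)
  printf '%s\n' "$SAMPLE_SCAN" > "$dir/scan.gnmap"
  printf '%s\n' "$ALLOWLIST" > "$dir/allowed.txt"
  unexpected_ports "$dir/allowed.txt" "$dir/scan.gnmap"; rc=$?
  rm -rf "$dir"; return "$rc"
}
```

`run_sample` exercises the check on the constructed data; in a QA job, run `unexpected_ports allowed.txt scan.gnmap` on real scan output so that a newly exposed service fails the build and the allowlist becomes the reviewed record of what is meant to be reachable.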
