IT security for all. Bootcamp slides
Transcript

  • 1. IT security for startups all Bootcamp, MIPT, 21/12/2013
  • 2. BIO • Whitehat (Facebook, Google, Yandex rewards) • Security researcher • CEO • @d0znpp
  • 3. Security? • Not in our budget right now • Doesn't affect revenue • We are not interesting to hackers • No one has hacked us before • Rocket science • That's QA's job
  • 4. Security! • We have a firewall • We have an admin • We have antivirus • All is OK
  • 5. Security! • External network level • Application layer • Internal network layer • Staff awareness
  • 6. Best practice!
  • 7. Security is like bookkeeping • A process • Continuous, not a one-off task • You cannot start it retroactively
  • 8. Enterprise way • SDL - Security Development Lifecycle • Works, but hard to implement
  • 9. Everything is in the cloud! So what do I need security for?
  • 10. Typical cases • Marketing site (almost static content) • Cloud CRM • Cloud mail • Cloud dev (GitHub/Bitbucket private repos) • And what about DNS? • What about the integrations between them? • What about client-side security?
  • 11. PCI DSS! Our payments are protected
  • 12. Typical cases • «These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step» • And what about other information? • What about MY data/money? • Nothing...
  • 13. Platform-based application (CMS, framework, etc.)! Our security depends on the platform's security
  • 14. Typical cases • On what basis did you choose the platform? • Does your platform have a security guide? • Have you read it? • Do you understand all of it? • Can your application run on the newest version of that platform?
  • 15. A little history • HTTP - 1991, for links between scientific articles • PHP - Personal Home Pages • ...
  • 16. Typical questions after a security audit • Why was it so easy to hack us? • Why wasn't this done before? • How do we know whether someone did it earlier?
  • 17. What can I do now? • Scan your addresses using nmap -p1-65535 • Add nmap scanning to your QA tests • Create a «Security basics» page in your wiki • http://en.wikipedia.org/wiki/Cross-site_scripting • http://en.wikipedia.org/wiki/Cross-site_request_forgery • ...
  • 18. Q/A or QA ;) Contact anytime: • in@wallarm.com • @d0znpp
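Slide 17 suggests adding nmap scanning to QA tests. The script below is an added example (not from the slides or from the speaker): it runs the full-port scan from slide 17 against an address you own, parses nmap's grepable output and fails the QA job when an open port is not in an approved baseline. The host address 10.0.0.5, the baseline ports and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides: turn slide 17's "add nmap scanning to QA
# tests" into a check that fails when a port outside an approved baseline is open.
# The host, the baseline and the sample scan output below are constructed.

# Approved open TCP ports for the host, one per line (constructed baseline).
BASELINE_PORTS="22
80
443"

# Read nmap "grepable" output (-oG) on stdin and print each open TCP port on its
# own line, sorted. A grepable host line looks like:
#   Host: 10.0.0.5 ()  Ports: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///
open_ports_from_grepable() {
    grep '^Host:.*Ports:' | sed 's/.*Ports: //' | tr ',' '\n' \
        | grep '/open/tcp/' | sed 's#^[[:space:]]*\([0-9]*\)/.*#\1#' | sort -n | uniq
}

# Read scan output on stdin, print every open port missing from the baseline,
# and return 1 if there was any (so the QA job fails), 0 otherwise.
check_unexpected_ports() {
    rc=0
    for port in $(open_ports_from_grepable); do
        if ! printf '%s\n' "$BASELINE_PORTS" | grep -qx "$port"; then
            echo "UNEXPECTED open port: $port"
            rc=1
        fi
    done
    return $rc
}

# The actual QA step: the full TCP range scan from slide 17 of an address you
# own, piped into the check. Requires nmap on the QA runner.
scan_and_check() {
    nmap -p1-65535 -oG - "$1" | check_unexpected_ports
}

# Constructed nmap -oG output for an offline run: 8080 is open but not approved.
SAMPLE_SCAN='# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 ()  Status: Up
Host: 10.0.0.5 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///  Ignored State: closed (65531)
# Nmap done'

# Scan a real host when an address is given on the command line.
if [ $# -eq 1 ]; then
    scan_and_check "$1"
fi
```

Run it as `sh qa_ports.sh 10.0.0.5` from the QA job, or pipe saved `nmap -oG` output into `check_unexpected_ports` to test the baseline offline.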