
Magento meet-up


Pod1 Magento developers meet-up
July 28th 2010 at Brilliant's offices in Shoreditch

Published in: Technology

  1. Magento meet-up
     • July 28th 2010
  2. About Pod1 and Brilliant – the Pod1 Group
     • Established 2001
     • About 100 people in London, New York, Cape Town
     • Full service digital agency: strategy, design & build, marketing
     • Magento Enterprise Partner
     • Delivered more than 20 Magento sites (15 currently in production across the Pod1 Group)
  3. Format
     • Nominate topics and vote
     • Brief talks, followed by discussion (maximum of 15 minutes each)
     • Closing discussion: what we love and hate about Magento
  4. Topics for discussion – so far?
     • Magento and PCI compliance
     • Performance tuning Magento
     • Magento localization - language translations
     • The Magento theme hierarchy
     • Other suggestions
  5. Magento and PCI compliance
     • What is PCI compliance?
     • What is Varien’s position on PCI compliance?
     • What are your options as a solution provider?
  6. What is PCI compliance?
     • Payment card security – global standard
     • PCI-DSS covers a business (e.g. a retailer)
       • applies to infrastructure, software, business processes, manual records, databases
     • PA-DSS covers an application (e.g. Magento, or a chip and pin terminal)
       • applies to any application that handles card data
     • It will become a business survival issue in the next 2 years
  7. Varien’s position
     • Community Edition – no Varien offering on PCI compliance, you have to ensure it yourself
     • Professional and Enterprise Edition – strong encryption, security, audit trails in Magento, plus Payment Bridge (perhaps not for PE)
     • Payment Bridge – abstracts card handling into an inaccessible, secure application, separate from Magento
  8.
  9. Options as a solution provider
     • Need to get infrastructure and processes right anyway:
       • Firewalls, DMZs, IDS, IPS, scans, securing servers
       • Development, QA, deployment processes
       • Business processes
     • Community Edition is risky for PCI-DSS (limited audit and access control)
     • Professional (TBC) and Enterprise:
       • Use Payment Bridge
       • Use a payment extension that doesn’t retain card data (this will need to be verifiable) – for example the Sagepay extension
  10. Performance tuning Magento
     • How far are people taking Magento performance-wise?
     • How are they achieving it?
  11. Magento localization - language translations
     • Arabic case study
     • Top tips and things to avoid
  12.
  13. Closing discussion
     • What do you love about developing for Magento?
     • And what do you hate?