Security threats, challenges and best practices in ecommerce

•

3 likes•495 views

Dinesh Kumar Aggarwal

Presented at CIO roundtable on Secure the breach ( New Delhi, India) 12th Aug 2015

Internet

What are the treats and
challenges to ecommerce and
online industry today ?

1.Patching
How do I know when these latest
patches and vulnerabilities comes

Regular scanning, at least once
a quarter- Nessus

 DDOS mitigation service from local
service provider
 In-house solution ??

 Application firewalls
 Application penetration testing-in-
house, outsourced. Detailed POC
 Secure code review, secure SDLC
 IDS/IPS

What do hackers get
with all this hacking and
what is their purpose??

More often than not, a Hacker's ultimate goal is Data theft.
Ever wonder what does he/she do with the data? Experts say -
Data theft can be for purposes of blackmail,
espionage, economic gain and more.
The data that is stolen can be financial data (such as
credit card numbers, bank account credentials), personal
data that can further be used for profit (SSN, DOB, etc.),
credentials, private keys and passwords, medical
records, intellectual property (source code, trade secrets,
etc.), the list goes on

Can anyone of us claim
that they are un hackable
?

In real world, key is kept
securely not with
treasure
NO ?

Principle 1
 Always keep key
separate
 Use hash wherever possible

Principle 2
Lock should open with
3/multiple keys
 Multi administrator authentication for
critical tasks

Principle 3
Key destroys itself if someone
tries to steal it.
 Use a key encryption box with in built
Physical security.

Principle 4
Even treasure owner cannot see key and
take out key with him but still use it
 Key export disable
 Key not visible from naked eyes

What's hot

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL

Aalto cyber-10.4.18japijapi

Leveraging ip 2010Fernando Torres MSc

Reality of cybersecurity 11.4.2017japijapi

Detect, Deter, and Remediate Cyber Risk Courion Corporation

CISO Summit 2020 Post Event ReportSarthak Nanda

Overview of Artificial Intelligence in CybersecurityOlivier Busolini

Information Security: DBPOTata Consultancy Services

Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensenjaredcarst

Bug Bounty Programs : Good for GovernmentDinesh O Bareja

How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...IT Network marcus evans

Practical approach to combating cyber crimesChinatu Uzuegbu

CISO Case Study 2011 V2candy_alexander

2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit WondersInternetwork Engineering (IE)

Addressing Password CreepDigitalPersona

Enterprise cyber securitynsheel

Identity Intelligence: From Reactionary Support to Sustained EnablerDuane Blackburn

Cybersecurity in Sudan: Challenges & OpportunitiesMohamed Amine Belarbi

The 10 most trusted companies in enterprise security for dec 2017Merry D'souza

Bring Your Own IdentityNetIQ

What's hot (20)

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...

Aalto cyber-10.4.18

Leveraging ip 2010

Reality of cybersecurity 11.4.2017

Detect, Deter, and Remediate Cyber Risk

CISO Summit 2020 Post Event Report

Overview of Artificial Intelligence in Cybersecurity

Information Security: DBPO

Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen

Bug Bounty Programs : Good for Government

How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...

Practical approach to combating cyber crimes

CISO Case Study 2011 V2

2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders

Addressing Password Creep

Enterprise cyber security

Identity Intelligence: From Reactionary Support to Sustained Enabler

Cybersecurity in Sudan: Challenges & Opportunities

The 10 most trusted companies in enterprise security for dec 2017

Bring Your Own Identity

Similar to Security threats, challenges and best practices in ecommerce

Risk Management — Visual Ids CountermeasuresSheloeloe

Robust Software Solutions.pptxBusiness Thrust Pte. Ltd. (BThrust)

Whitepaper: IP Risk Assessment & Loss Prevention - Happiest MindsHappiest Minds Technologies

PCI Compliance ReportHolly Vega

Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin

2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)Andris Soroka

Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...Berezha Security Group

Select idpsInfo-Tech Research Group

Cyber Security, User Interface, and You - Deloitte CIO - WSJSherry Jones

Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta

Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler

APT & What we can do TODAYJames Ryan, CSyP, EA, PMP

The Need for DLP now - A Clearswift White PaperBen Rothke

Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...Lviv Startup Club

MT 117 Key Innovations in CybersecurityDell EMC World

Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...i2Coalition

Identity & Access Management Day 2022.pdfChinatu Uzuegbu

Information security management v2010joevest

The Difference Between Being Secure And Being CompliantJohn Bedrick

Similar to Security threats, challenges and best practices in ecommerce (20)

Risk Management — Visual Ids Countermeasures

Robust Software Solutions.pptx

Whitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds

PCI Compliance Report

Spirit of PCI DSS by Dr. Anton Chuvakin

2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)

Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...

Select idps

Cyber Security, User Interface, and You - Deloitte CIO - WSJ

Ethical Hacking, Its relevance and Its Prospects

Pci Europe 2009 Underside Of The Compliance Ecosystem

APT & What we can do TODAY

The Need for DLP now - A Clearswift White Paper

Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...

MT 117 Key Innovations in Cybersecurity

Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...

Identity & Access Management Day 2022.pdf

Information security management v2010

The Difference Between Being Secure And Being Compliant

Recently uploaded

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665

AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083

VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0

AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13

Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4

VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya

Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceCall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC

FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066

Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝9953056974 Low Rate Call Girls In Saket, Delhi NCR

Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh

Recently uploaded (20)

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012

AlbaniaDreamin24 - How to easily use an API with Flows

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call

VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room

Best VIP Call Girls Noida Sector 75 Call Me: 8448380779

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata

VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...

Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...

Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance

'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...

FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607

Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝

Networking in the Penumbra presented by Geoff Huston at NZNOG

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝

Security threats, challenges and best practices in ecommerce

1. Security Threats, Challenges and Best Practices in ecommerce Presented at CIO roundtable on Secure the breach ( New Delhi, India) 12th Aug 2015 By Dinesh Aggarwal VP-IT & CISO Payu Payments Pvt Ltd

2. What are the treats and challenges to ecommerce and online industry today ?

3. 1. New Vulnerabilities and zero days

9. Solution ??

10. 1.Patching How do I know when these latest patches and vulnerabilities comes

11. Regular scanning, at least once a quarter- Nessus

12. US-CERT

13. 2. Virtual patching

14.

15. Solution ??

16.  DDOS mitigation service from local service provider  In-house solution ??

17.

18.

19. More names ??

20.

21. Solution ??

22.  Application firewalls  Application penetration testing-in- house, outsourced. Detailed POC  Secure code review, secure SDLC  IDS/IPS

23. What do hackers get with all this hacking and what is their purpose??

24.

25.

26.

27.

28. More often than not, a Hacker's ultimate goal is Data theft. Ever wonder what does he/she do with the data? Experts say - Data theft can be for purposes of blackmail, espionage, economic gain and more. The data that is stolen can be financial data (such as credit card numbers, bank account credentials), personal data that can further be used for profit (SSN, DOB, etc.), credentials, private keys and passwords, medical records, intellectual property (source code, trade secrets, etc.), the list goes on

29. Can anyone of us claim that they are un hackable ?

30. Solution ??

31. Secure leak

32. We have got 2 friends

33. Encryption and hashing

34. How to achieve this and common mistakes

35.

36. In real world, key is kept securely not with treasure NO ?

37. Principle 1  Always keep key separate  Use hash wherever possible

38. Principle 2 Lock should open with 3/multiple keys  Multi administrator authentication for critical tasks

39. Principle 3 Key destroys itself if someone tries to steal it.  Use a key encryption box with in built Physical security.

40. Principle 4 Even treasure owner cannot see key and take out key with him but still use it  Key export disable  Key not visible from naked eyes