3. Security?
• Not in our budget right now
• Doesn't affect revenue
• We are not interesting to hackers
• No one has hacked us before
• Rocket science
• QA's job
11. Typical cases
• Marketing site (almost entirely static content)
• Cloud CRM
• Cloud mail
• Cloud dev (github/bitbucket private repos)
• And what about DNS?
• What about the integrations between them?
• What about client-side security?
13. Typical cases
• «These materials include a framework of
specifications, tools, measurements and
support resources to help organizations
ensure the safe handling of cardholder
information at every step»
• And what about other information?
• What about MY data/money?
• Nothing...
15. Typical cases
• On what basis did you choose the platform?
• Does your platform have a security guide?
• Have you read it?
• Do you understand all of it?
• Can your application run on the newest version of that platform?
16. A little from history
• HTTP - 1991, designed for linking scientific articles
• PHP - originally "Personal Home Page" tools
• ...
17. Typical questions after a security audit
• Why was it so easy to hack us?
• Why wasn't this done before?
• How do we know whether someone else already did it?
18. What can I do now?
• Scan your own addresses with nmap -p1-65535 (all TCP ports, not just nmap's default top 1000)
• Add nmap scanning to your QA tests, and fail the build when an unexpected port is open
• Create a «Security basics» page in your Wiki
• http://en.wikipedia.org/wiki/Cross-site_scripting
• http://en.wikipedia.org/wiki/Cross-site_request_forgery
• ...
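One way to turn the two nmap bullets above into a QA gate, as an added example that is not part of the original slides: scan the host with nmap's greppable output (-oG), extract the open ports, and fail when anything outside an allowlist is exposed. The host 192.0.2.10, the allowlist and the sample scan output are constructed here for illustration; the scan_target function is the only part that needs a real network and nmap installed.

```shell
#!/bin/sh
# QA gate: fail when a host exposes ports that are not on the allowlist.
# Added example, not the original slides' code. Target, allowlist and sample output are constructed.

# Constructed sample of `nmap -p1-65535 -oG - 192.0.2.10` output (not a real scan).
# -oG prints tab-separated fields; the "Ports:" field lists entries as
# port/state/proto/owner/service/rpc/version, comma-separated.
SAMPLE_SCAN=$(printf '# Nmap 7.94 scan initiated (constructed sample)\nHost: 192.0.2.10 ()\tStatus: Up\nHost: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (65531)\n# Nmap done (constructed sample)\n')

# Hypothetical allowlist for a marketing site: ssh for admins, http/https for visitors.
ALLOWED_PORTS="22 80 443"

# scan_target HOST: live scan of every TCP port in greppable format (needs nmap, not run in tests).
scan_target() {
    nmap -p1-65535 -oG - "$1"
}

# open_ports: read greppable nmap output on stdin, print one "port/proto" per open port.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, entries, ",")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")      # f[1]=port f[2]=state f[3]=proto
                    gsub(/^ +/, "", f[1])          # entries after the first carry a leading space
                    if (f[2] == "open") print f[1] "/" f[3]
                }
            }
        }'
}

# unexpected_ports ALLOWED: read greppable output on stdin, print open ports not in ALLOWED
# (space-separated port numbers). Anything printed is a finding.
unexpected_ports() {
    allowed=" $1 "
    open_ports | while IFS= read -r entry; do
        port=${entry%%/*}
        case "$allowed" in
            *" $port "*) ;;                       # allowed, stay quiet
            *) printf '%s\n' "$entry" ;;          # exposed and not allowed
        esac
    done
}

# check_exposure SCAN_OUTPUT ALLOWED: return 0 when only allowed ports are open, 1 otherwise.
# Use this return value as the pass/fail of the QA step.
check_exposure() {
    bad=$(printf '%s\n' "$1" | unexpected_ports "$2")
    if [ -n "$bad" ]; then
        printf 'FAIL: unexpected open ports:\n%s\n' "$bad" >&2
        return 1
    fi
    printf 'OK: only allowed ports are open\n'
    return 0
}

# Stand-alone demo against the constructed sample: 3306/tcp (mysql) is not on the allowlist,
# so the gate fails. In a QA job use:  check_exposure "$(scan_target "$TARGET")" "$ALLOWED_PORTS"
check_exposure "$SAMPLE_SCAN" "$ALLOWED_PORTS" || echo "(demo) the build would be failed here"
```

Run the scan from a machine whose source address is not already allowlisted by your firewall, otherwise the QA job sees a different picture than an attacker does; and keep the allowlist in version control next to the test so that opening a new port is a reviewed change rather than a surprise.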