Security stories in online payment company
Raden Ardiansyah Natakusumah
December 13, 2018
Technology
Transcript
13 December 2018 • Raden Ardiansyah Natakusumah • FintechNite • UnionSPACE, Jakarta
Security stories in online payment company
https://about.me/r_u_l_l_y
Newbie
14.5 years
Registered Penetration Tester
Practitioner Security Analyst
The Story …
Online Payment Company
Potential Employees
Minimize the Risk
Human Resource Department
Background Checks
Criminal Record
Reference Checks
Credit History
1st Day!
Onboarding Process
Security Awareness Training
All New Hires
Information Security Policy
And Other Policies
Developer
Secure Coding Training
Incident Response Team
From various departments
Incident Response Training
See You Next Year!
Time to work!
Don’t forget …
Use Badge
Infra Team
Review the Network Diagram
Review the configuration
Review the rules
Update patches
Support Team
Anti-malware, personal firewall
Change default credentials and default configurations
Asset inventory
Dev Team
Develop Secure Applications
Secure Coding Guidelines
OWASP, SANS CWE Top 25
Security Team
Security Code Review
Vulnerability Assessment
Penetration Testing
Examine document changes
Business Justification? Tested? Approved?
Monitoring
Logs, Security Events
At some point …
Incident occurred
Incident Response Plan
Roles, responsibilities, and communication
Follow the procedure
Post-incident investigation
Business Team
Business Needs
External Entity
Regulator
Need compliance!
ISO 27001
PCI DSS
Not that hard
Why?
Focus
Security
Not Compliance
Security
Everyone's responsibility
Security
Business as Usual
Questions?
Lawrence Lessig method - 2005
84 LET’S GO.