Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security stories in online payment company

Avatar for Raden Ardiansyah Natakusumah Raden Ardiansyah Natakusumah
December 13, 2018
Technology
0
25

Security stories in online payment company

Avatar for Raden Ardiansyah Natakusumah

Raden Ardiansyah Natakusumah

December 13, 2018
Tweet

More Decks by Raden Ardiansyah Natakusumah

See All by Raden Ardiansyah Natakusumah
Bug Bounty: Do and Don’t
Avatar for Raden Ardiansyah Natakusumah rully
0
61
Protect your business with PCI DSS
Avatar for Raden Ardiansyah Natakusumah rully
0
39
Intrusion Prevention System based on Machine Learning
Avatar for Raden Ardiansyah Natakusumah rully
0
160
PCI DSS Security Awareness
Avatar for Raden Ardiansyah Natakusumah rully
0
160

Other Decks in Technology

See All in Technology
Amplify Gen2から知るAWS CDK Toolkit Libraryの使い方/How to use the AWS CDK Toolkit Library as known from Amplify Gen2
Avatar for MURAKAMI Masahiko fossamagna
1
360
Microsoft Defender XDRで疲弊しないためのインシデント対応
Avatar for Kunii, Suguru sophiakunii
2
330
本当にわかりやすいAIエージェント入門
Avatar for segavvy segavvy
5
3.1k
第64回コンピュータビジョン勉強会「The PanAf-FGBG Dataset: Understanding the Impact of Backgrounds in Wildlife Behaviour Recognition」
Avatar for Tatsuya Suzuki x_ttyszk
0
250
Deep Security Conference 2025:生成AI時代のセキュリティ監視 /dsc2025-genai-secmon
Avatar for Masayoshi Mizutani mizutani
4
3.1k
アクセスピークを制するオートスケール再設計: 障害を乗り越えKEDAで実現したリソース管理の最適化
Avatar for M-Yamashita myamashii
1
720
OpenTelemetryセマンティック規約の恩恵とMackerel APMにおける活用例 / SRE NEXT 2025
Avatar for mackerelio mackerelio
3
2k
サービスを止めるな! DDoS攻撃へのスマートな備えと最前線の事例
Avatar for coconala_engineer coconala_engineer
1
190
衛星運用をソフトウェアエンジニアに依頼したときにできあがるもの
Avatar for Takahiro Miyoshi sankichi92
1
1.1k
今だから言えるセキュリティLT_Wordpress5.7.2未満を一斉アップデートせよ
Avatar for CUEBiC Inc. cuebic9bic
2
170
CDKコード品質UP!ナイスな自作コンストラクタを作るための便利インターフェース
Avatar for Haruka Sakihara harukasakihara
2
240
ロールが細分化された組織でSREは何をするか?
Avatar for norimichi.osanai tgidgd
1
440

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.7k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
520
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
Done Done
Avatar for chrislema chrislema
184
16k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
278
23k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
189
11k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.3k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
351
21k

Transcript

  1. 13 December 2018 • Raden Ardiansyah Natakusumah • FintechNite •

    UnionSPACE, Jakarta Security stories in online payment company

  2. https://about.me/r_u_l_l_y

  3. Newbie

  4. 14.5 years

  5. None
  6. None
  7. None
  8. None
  9. None

  10. Registered Penetration Tester

  11. Practitioner Security Analyst

  12. None
  13. None

  14. The Story ….

  15. Online Payment Company

  16. Potential Employees

  17. Minimize the Risk

  18. Human Resource Department

  19. Background Checks

  20. Criminal Record

  21. Reference Checks

  22. Credit History

  23. 1st Day!

  24. Onboarding Process

  25. Security Awareness Training

  26. All New Hires

  27. Information Security Policy

  28. And Other Policies

  29. Developer

  30. Secure Coding Training

  31. Incident Response Team

  32. From various departments

  33. Incident Response Training

  34. See You Next Year!

  35. Time to work!

  36. Don’t forget …

  37. Use Badge

  38. Infra Team

  39. Review the Network Diagram

  40. Review the configuration

  41. Review the rules

  42. Update patches

  43. Support Team

  44. Anti Malware, Personal Firewall

  45. Change default credential, default configuration

  46. Asset inventory

  47. Dev Team

  48. Develop Secure Applications

  49. Secure Coding Guidelines

  50. OWASP, SANS CWE Top 25

  51. Security Team

  52. Security Code Review

  53. Vulnerability Assessment

  54. Penetration Testing

  55. Examine documents changes

  56. Business Justification? Tested? Approved?

  57. Monitoring

  58. Logs, Security Events

  59. At a time ….

  60. Incident occurred

  61. Incident Response Plan

  62. Roles, responsibilities, and communication

  63. Follow the procedure

  64. Post-incident investigation

  65. Business Team

  66. Business Needs

  67. External Entity

  68. Regulator

  69. Need compliance!

  70. None

  71. ISO 27001

  72. PCI DSS

  73. Not that hard

  74. Why?

  75. Focus

  76. Security

  77. Not Compliance

  78. Security

  79. ALL responsibility

  80. Security

  81. Business as Usual

  82. Questions?

  83. Lawrence Lessig method - 2005

  84. 84 LET’S GO.