Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security stories in online payment company

Avatar for Raden Ardiansyah Natakusumah Raden Ardiansyah Natakusumah
December 13, 2018
Technology
0
25

Security stories in online payment company

Avatar for Raden Ardiansyah Natakusumah

Raden Ardiansyah Natakusumah

December 13, 2018
Tweet

More Decks by Raden Ardiansyah Natakusumah

See All by Raden Ardiansyah Natakusumah
Bug Bounty: Do and Don’t
Avatar for Raden Ardiansyah Natakusumah rully
0
61
Protect your business with PCI DSS
Avatar for Raden Ardiansyah Natakusumah rully
0
39
Intrusion Prevention System based on Machine Learning
Avatar for Raden Ardiansyah Natakusumah rully
0
160
PCI DSS Security Awareness
Avatar for Raden Ardiansyah Natakusumah rully
0
160

Other Decks in Technology

See All in Technology
「どこから読む?」コードとカルチャーに最速で馴染むための実践ガイド
Avatar for ZOZO Developers zozotech
PRO
0
590
Evolución del razonamiento matemático de GPT-4.1 a GPT-5 - Data Aventura Summit 2025 & VSCode DevDays
Avatar for Lautaro Carro lauchacarro
0
220
なぜテストマネージャの視点が 必要なのか? 〜 一歩先へ進むために 〜
Avatar for Sammy(MoritaMasami) moritamasami
0
250
OCI Oracle Database Services新機能アップデート(2025/06-2025/08)
Avatar for oracle4engineer oracle4engineer
PRO
0
190
組織規模に応じたPlatform Engineeringの実践
Avatar for hacomono Inc. hacomono
PRO
0
110
データ分析エージェント Socrates の育て方
Avatar for na0 na0
9
3.4k
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
10
75k
20250913_JAWS_sysad_kobe
Avatar for Takuya Yonezawa takuyay0ne
2
260
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
Avatar for sh_fk2 sh_fk2
3
480
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
Avatar for nagisa_53 nagisa53
10
3.3k
dbt開発 with Claude Codeのためのガードレール設計
Avatar for 10xinc 10xinc
3
1.4k
AIがコード書きすぎ問題にはAIで立ち向かえ
Avatar for jyoshise jyoshise
4
1.6k

Featured

See All Featured
Designing for Performance
Avatar for Lara Hogan lara
610
69k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
127
53k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
590
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
6k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
268
13k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
329
39k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
930
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
96
6.2k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.8k

Transcript

  1. 13 December 2018 • Raden Ardiansyah Natakusumah • FintechNite •

    UnionSPACE, Jakarta Security stories in online payment company

  2. https://about.me/r_u_l_l_y

  3. Newbie

  4. 14.5 years

  5. None
  6. None
  7. None
  8. None
  9. None

  10. Registered Penetration Tester

  11. Practitioner Security Analyst

  12. None
  13. None

  14. The Story ….

  15. Online Payment Company

  16. Potential Employees

  17. Minimize the Risk

  18. Human Resource Department

  19. Background Checks

  20. Criminal Record

  21. Reference Checks

  22. Credit History

  23. 1st Day!

  24. Onboarding Process

  25. Security Awareness Training

  26. All New Hires

  27. Information Security Policy

  28. And Other Policies

  29. Developer

  30. Secure Coding Training

  31. Incident Response Team

  32. From various departments

  33. Incident Response Training

  34. See You Next Year!

  35. Time to work!

  36. Don’t forget …

  37. Use Badge

  38. Infra Team

  39. Review the Network Diagram

  40. Review the configuration

  41. Review the rules

  42. Update patches

  43. Support Team

  44. Anti Malware, Personal Firewall

  45. Change default credential, default configuration

  46. Asset inventory

  47. Dev Team

  48. Develop Secure Applications

  49. Secure Coding Guidelines

  50. OWASP, SANS CWE Top 25

  51. Security Team

  52. Security Code Review

  53. Vulnerability Assessment

  54. Penetration Testing

  55. Examine documents changes

  56. Business Justification? Tested? Approved?

  57. Monitoring

  58. Logs, Security Events

  59. At a time ….

  60. Incident occurred

  61. Incident Response Plan

  62. Roles, responsibilities, and communication

  63. Follow the procedure

  64. Post-incident investigation

  65. Business Team

  66. Business Needs

  67. External Entity

  68. Regulator

  69. Need compliance!

  70. None

  71. ISO 27001

  72. PCI DSS

  73. Not that hard

  74. Why?

  75. Focus

  76. Security

  77. Not Compliance

  78. Security

  79. ALL responsibility

  80. Security

  81. Business as Usual

  82. Questions?

  83. Lawrence Lessig method - 2005

  84. 84 LET’S GO.