Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security stories in online payment company

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Raden Ardiansyah Natakusumah Raden Ardiansyah Natakusumah
December 13, 2018
Technology
0
26

Security stories in online payment company

Avatar for Raden Ardiansyah Natakusumah

Raden Ardiansyah Natakusumah

December 13, 2018
Tweet

More Decks by Raden Ardiansyah Natakusumah

See All by Raden Ardiansyah Natakusumah
Bug Bounty: Do and Don’t
Avatar for Raden Ardiansyah Natakusumah rully
0
62
Protect your business with PCI DSS
Avatar for Raden Ardiansyah Natakusumah rully
0
42
Intrusion Prevention System based on Machine Learning
Avatar for Raden Ardiansyah Natakusumah rully
0
160
PCI DSS Security Awareness
Avatar for Raden Ardiansyah Natakusumah rully
0
160

Other Decks in Technology

See All in Technology
SchooでVue.js/Nuxtを技術選定している理由
Avatar for Okuto Oyama yamanoku
3
190
OpenShiftでllm-dを動かそう!
Avatar for jpishikawa jpishikawa
0
140
~Everything as Codeを諦めない~ 後からCDK
Avatar for mu7889yoon / Yuta Nakamura mu7889yoon
3
480
Oracle AI Database 移行・アップグレード勉強会 - RAT活用編
Avatar for oracle4engineer oracle4engineer
PRO
0
110
OWASP Top 10:2025 リリースと 少しの日本語化にまつわる裏話
Avatar for Riotaro OKADA okdt
PRO
3
840
We Built for Predictability; The Workloads Didn’t Care
Avatar for Michael Stahnke stahnma
0
150
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
Avatar for Serverless Operations slsops
2
260
Embedded SREの終わりを設計する 「なんとなく」から計画的な自立支援へ
Avatar for SansanTech sansantech
PRO
3
2.6k
コンテナセキュリティの最新事情 ~ 2026年版 ~
Avatar for Kyohei Mizumoto kyohmizu
6
1.3k
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
Avatar for Kuniaki Moriya zepprix
0
480
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
10k
Cosmos World Foundation Model Platform for Physical AI
Avatar for Takuya MINAGAWA takmin
0
970

Featured

See All Featured
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k
Ethics towards AI in product and experience design
Avatar for Skipper Chong Warson skipperchong
2
200
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
0
2k
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
Abbi's Birthday
Avatar for Violet Bock coloredviolet
1
4.8k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
49
9.9k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
270
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
190
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
1.9k
The Impact of AI in SEO - AI Overviews June 2024 Edition
Avatar for Aleyda Solis aleyda
5
740
svc-hook: hooking system calls on ARM64 by binary rewriting
Avatar for Akira Moroo retrage
1
100
Lightning talk: Run Django tests with GitHub Actions
Avatar for Sarah Abderemane sabderemane
0
120

Transcript

  1. 13 December 2018 • Raden Ardiansyah Natakusumah • FintechNite •

    UnionSPACE, Jakarta Security stories in online payment company

  2. https://about.me/r_u_l_l_y

  3. Newbie

  4. 14.5 years

  5. None
  6. None
  7. None
  8. None
  9. None

  10. Registered Penetration Tester

  11. Practitioner Security Analyst

  12. None
  13. None

  14. The Story ….

  15. Online Payment Company

  16. Potential Employees

  17. Minimize the Risk

  18. Human Resource Department

  19. Background Checks

  20. Criminal Record

  21. Reference Checks

  22. Credit History

  23. 1st Day!

  24. Onboarding Process

  25. Security Awareness Training

  26. All New Hires

  27. Information Security Policy

  28. And Other Policies

  29. Developer

  30. Secure Coding Training

  31. Incident Response Team

  32. From various departments

  33. Incident Response Training

  34. See You Next Year!

  35. Time to work!

  36. Don’t forget …

  37. Use Badge

  38. Infra Team

  39. Review the Network Diagram

  40. Review the configuration

  41. Review the rules

  42. Update patches

  43. Support Team

  44. Anti Malware, Personal Firewall

  45. Change default credential, default configuration

  46. Asset inventory

  47. Dev Team

  48. Develop Secure Applications

  49. Secure Coding Guidelines

  50. OWASP, SANS CWE Top 25

  51. Security Team

  52. Security Code Review

  53. Vulnerability Assessment

  54. Penetration Testing

  55. Examine documents changes

  56. Business Justification? Tested? Approved?

  57. Monitoring

  58. Logs, Security Events

  59. At a time ….

  60. Incident occurred

  61. Incident Response Plan

  62. Roles, responsibilities, and communication

  63. Follow the procedure

  64. Post-incident investigation

  65. Business Team

  66. Business Needs

  67. External Entity

  68. Regulator

  69. Need compliance!

  70. None

  71. ISO 27001

  72. PCI DSS

  73. Not that hard

  74. Why?

  75. Focus

  76. Security

  77. Not Compliance

  78. Security

  79. ALL responsibility

  80. Security

  81. Business as Usual

  82. Questions?

  83. Lawrence Lessig method - 2005

  84. 84 LET’S GO.