Startups Security
Download as PPT, PDF2 likes1,377 views
The document discusses security concerns for startups with web applications. It notes that web infection attacks and malware seeding on legitimate websites have increased significantly. Startups with user-generated content or that trust user inputs are vulnerable if developers do not understand vulnerabilities like SQL injection, cross-site scripting, and cross-site request forgery. The document recommends educating developers on secure coding practices, implementing security testing to cover the OWASP Top 10 vulnerabilities, and addressing website security as it makes good business sense and is necessary to maintain trust with online users.
![www.pcsafety.in [email_address] SS 14 th June 2008 Do Startups Need to Worry about Security ? Or Why Will Anyone Hack My Servers ?](https://image.slidesharecdn.com/startupssecurity-1213392204458269-8/85/Startups-Security-1-320.jpg)
![www.pcsafety.in [email_address] SS 14 th June 2008 Do Startups Need to Worry about Security ? YES, and here is why. Three recent headlines Web infection attacks more than 100,000 pages [ theregister.co.uk on 24 th April 2008 ] Drive-by download attack compromises 500,000 websites [ channelregister.co.uk on 13 th May 2008 ] Hackers 'seeding' legitimate websites. A 220% increase in Web-based malware [ vunet.com on 9th June 2008]](https://image.slidesharecdn.com/startupssecurity-1213392204458269-8/85/Startups-Security-2-320.jpg)
![www.pcsafety.in akash@pcsafety.in SS 14 th June 2008 Been working on Info Sec domain for the past 3 years. Worked with CDAC Bangalore securing their web and email servers. Bootstrapped End Point Security and IDS teams for StillSecure Flying Solo from 1 st of July to help companies with Info Security You have any questions about security come talk to me. So what is my angle ? Why am I telling you all this ? BLOG / WEBSITE www.pcsafety.in [email_address]](https://image.slidesharecdn.com/startupssecurity-1213392204458269-8/85/Startups-Security-7-320.jpg)
Startups Security
- 1. www.pcsafety.in [email_address] SS 14 th June 2008 Do Startups Need to Worry about Security ? Or Why Will Anyone Hack My Servers ?
- 2. www.pcsafety.in [email_address] SS 14 th June 2008 Do Startups Need to Worry about Security ? YES, and here is why. Three recent headlines Web infection attacks more than 100,000 pages [ theregister.co.uk on 24 th April 2008 ] Drive-by download attack compromises 500,000 websites [ channelregister.co.uk on 13 th May 2008 ] Hackers 'seeding' legitimate websites. A 220% increase in Web-based malware [ vunet.com on 9th June 2008]
- 3. www.pcsafety.in akash@pcsafety.in SS 14 th June 2008 But how is this relevant to my startup ? Do you have a web application as your interface to the end user? Are you letting your users add content to the web app ? Are you trusting your users to be always benign ? Would you want to serve malware unknowingly ? Do your developers understand XSS, CSRF & SQL injection ? Do Startups Need to Worry about Security ?
- 4. www.pcsafety.in akash@pcsafety.in SS 14 th June 2008 For bandwidth to host and serve malware. To add one line of extra code to download trojans. To use your site as a conduit while performing other attacks. Because on the web bad guys trade hosting space as currency. Because some script kiddie is learning how to do all this Why Will Anyone Hack My Servers ?
- 5. www.pcsafety.in akash@pcsafety.in SS 14 th June 2008 Educate developers to follow secure coding principals. Add security testing as an integral part of app testing. Making sure the testing covers OWASP Top 10 vulnerabilities. So what exactly can we do about this ?
- 6. www.pcsafety.in akash@pcsafety.in SS 14 th June 2008 But why, what is the point ? Loosing trust on line can be a death knell for a startup. Legally you are responsible for what is on your website. Keeping yourself secure makes good business sense anyway
- 7. www.pcsafety.in akash@pcsafety.in SS 14 th June 2008 Been working on Info Sec domain for the past 3 years. Worked with CDAC Bangalore securing their web and email servers. Bootstrapped End Point Security and IDS teams for StillSecure Flying Solo from 1 st of July to help companies with Info Security You have any questions about security come talk to me. So what is my angle ? Why am I telling you all this ? BLOG / WEBSITE www.pcsafety.in [email_address]