Security threats, challenges and best practices in ecommerce
?
3 likes?507 views
This document summarizes security threats, challenges, and best practices for ecommerce. It discusses 1) new vulnerabilities and zero-day exploits, mitigated through patching and virtual patching. 2) DDoS attacks, addressed through mitigation services or in-house solutions. 3) the goals of hackers, which are often data theft for purposes like blackmail, espionage, or economic gain. It also outlines principles for achieving encryption and hashing, such as keeping keys separate, using multiple authentication, designing keys to self-destruct if stolen, and restricting key export and visibility. The overall message is on the importance of mitigation strategies like patching, firewalls, and encryption to help secure systems from online threats.
Security threats, challenges and best practices in ecommerce
- 1. Security Threats, Challenges and Best Practices in ecommerce Presented at CIO roundtable on Secure the breach ( New Delhi, India) 12th Aug 2015 By Dinesh Aggarwal VP-IT & CISO Payu Payments Pvt Ltd
- 2. What are the treats and challenges to ecommerce and online industry today ?
- 3. 1. New Vulnerabilities and zero days
- 9. Solution ??
- 10. 1.Patching How do I know when these latest patches and vulnerabilities comes
- 11. Regular scanning, at least once a quarter- Nessus
- 12. US-CERT
- 15. Solution ??
- 16. ? DDOS mitigation service from local service provider ? In-house solution ??
- 19. More names ??
- 21. Solution ??
- 22. ? Application firewalls ? Application penetration testing-in- house, outsourced. Detailed POC ? Secure code review, secure SDLC ? IDS/IPS
- 23. What do hackers get with all this hacking and what is their purpose??
- 28. More often than not, a Hacker's ultimate goal is Data theft. Ever wonder what does he/she do with the data? Experts say - Data theft can be for purposes of blackmail, espionage, economic gain and more. The data that is stolen can be financial data (such as credit card numbers, bank account credentials), personal data that can further be used for profit (SSN, DOB, etc.), credentials, private keys and passwords, medical records, intellectual property (source code, trade secrets, etc.), the list goes on
- 29. Can anyone of us claim that they are un hackable ?
- 30. Solution ??
- 31. Secure leak
- 32. We have got 2 friends
- 34. How to achieve this and common mistakes
- 36. In real world, key is kept securely not with treasure NO ?
- 37. Principle 1 ? Always keep key separate ? Use hash wherever possible
- 38. Principle 2 Lock should open with 3/multiple keys ? Multi administrator authentication for critical tasks
- 39. Principle 3 Key destroys itself if someone tries to steal it. ? Use a key encryption box with in built Physical security.
- 40. Principle 4 Even treasure owner cannot see key and take out key with him but still use it ? Key export disable ? Key not visible from naked eyes
- 41. Result ???
- 42. Secure leak