SlideShare a Scribd company logo

Secure development environment @ Meet Magento Croatia 2017

Anna Völkl
Anna Völkl

Software development can sometimes be a mess: live database dumps needed for testing lying around, development files being forgotten or accidentally transferred to the live environment, untested code being written and deployed in a hurry. It's easy to mess up and fail, often without noticing for a long time. In this talk we'll have a look at how to bullet-proof your development workflow. It covers best practices and tools which you should use in your daily work that will improve the overall security and also speed up software development. http://hr.meet-magento.com/en/speaker/anna-volkl/

Software
1 of 48
Download to read offline
Secure development workflow Best practises and tools to improve the overall security of your Magento shops Anna Völkl / @rescueAnn Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Anna Völkl ! Lead Magento Developer ! E-CONOMIX ! Wels, Linz / Austria @rescueAnn Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
http://bouk.co/blog/hacking-developers/ http://extractdata.club Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Who is responsible for security? "I didn't know it had to be secure..." Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Source: Zend - The State of PHP in 2017 Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Magento Security Best Practises ! https://magento.com/security ! Sign up for Magento security alerts • Be prepared Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Magento Security Best Practises ! https://magento.com/security ! Sign up for Magento security alerts • Be prepared • Patch early & • Use magereport.com Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Magento Security Best Practises ! https://magento.com/security ! Sign up for Magento security alerts • Be prepared • Patch early • Use magereport.com • Monitor for Signs of Attack Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions I Passwords & Login ! Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions I Passwords & Login • EW_NativePasswords Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions I Passwords & Login • EW_NativePasswords • MageHackDay_TwoFactorAuth Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions I Passwords & Login • EW_NativePasswords • MageHackDay_TwoFactorAuth • BranchLabs_AdminPasswordStrength Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions I Passwords & Login • EW_NativePasswords • MageHackDay_TwoFactorAuth • BranchLabs_AdminPasswordStrength • Shopliebe_PasswordStrength Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions I Passwords & Login • EW_NativePasswords • MageHackDay_TwoFactorAuth • BranchLabs_AdminPasswordStrength • Shopliebe_PasswordStrength • Ikonoshirt_Pbkdf2 Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions II Configuration & Monitoring ! Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions II Configuration & Monitoring • Ikonoshirt_StrictTransportSecurity Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions II Configuration & Monitoring • Ikonoshirt_StrictTransportSecurity • ET_IpSecurity Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions II Configuration & Monitoring • Ikonoshirt_StrictTransportSecurity • ET_IpSecurity • FireGento_AdminMonitoring Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions II Configuration & Monitoring • Ikonoshirt_StrictTransportSecurity • ET_IpSecurity • FireGento_AdminMonitoring • Nexcessnet_Alarmbell Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions II Configuration & Monitoring • Ikonoshirt_StrictTransportSecurity • ET_IpSecurity • FireGento_AdminMonitoring • Nexcessnet_Alarmbell • Mhauri_Slack / Moogento_SlackCommerce Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions for M2 ! Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions for M2 • creaminternet/module-secure-passwords Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions for M2 • creaminternet/module-secure-passwords • Git Status Security Report Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions for M2 • creaminternet/module-secure-passwords • Git Status Security Report • Xtento Two-Factor Authentication [paid] Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Recommended Extensions for M2 • creaminternet/module-secure-passwords • Git Status Security Report • Xtento Two-Factor Authentication [paid] • Admin Actions Log [paid] Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Who has access to your code? You. Your colleague. Your company. Your GitLab Server Server. An external developer. GitHub/Bitbucket Your CodeClimate Integration. Your build/deployment tools. Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Isolate Development from Production reduce unwanted errors, improve security Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Dev vs. Testing/ Staging vs. Production Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
No keys in your code, put them in settings files. Don't add the settings files (esp. production) into your repo. Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Database dumps I Because dumping big databases is boring Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Remove log data$ n98-magerun.phar db:dump --strip="@stripped" Available: @log, @dataflowtemp, @stripped See: n98-magerun Stripped Database Dumps Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Database dumps II Because you don't need thousands of orders, customers and logs in your dev-environment Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Remove sales and customer data $ n98-magerun.phar db:dump --strip="@development" Available: @log, @dataflowtemp, @stripped, @sales, @customers, @trade, @development See: n98-magerun Stripped Database Dumps Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Use an environment configuration tool Because accidentally using the wrong environment is embarrassing Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Environment Configuration • LimeSoda_EnvironmentConfiguration • n98-magerun Script • Cti_MagentoConfigurator • HarrisStreet ImpEx Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Code analysis • CodeClimate • SensioLabs Insight • Scrutinizer Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
GrumPHP A PHP code-quality tool • Tests running via git hooks • improve codebase • write better code following best practises • Extra packages like sensiolabs/ security-checker ! https://github.com/phpro/grumphp Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Security advisories https://github.com/FriendsOfPHP/security-advisories Checking for Vulnerabilities • Upload composer.lock to https://security.sensiolabs.org • Use web service (curl) • Use CLI tool php checker security:check composer.lock Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Magento Malware Scanner wget git.io/mwscan.txt grep -Erlf mwscan.txt /path/to/magento https://github.com/gwillem/magento-malware-scanner Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Magento Project Mess Detector https://github.com/AOEpeople/mpmd Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Admin password cracking Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
To do ! Read & apply Magento Security Best Practises ! Sign up for Magento security alerts ! Test & check your code and settings ! Follow @piotrekkaminski, @gwillem, @_Talesh, @pete_cags, @PeterJaap, @Fabian_ikono Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Hvala! Questions? @rescueAnn github.com/avoelkl Meet Magento Croatia 2017, Anna Völkl / @rescueAnn
Meet Magento Croatia 2017, Anna Völkl / @rescueAnn

Recommended

Magento Security Best Practises - MM17PL
Magento Security Best Practises - MM17PLMagento Security Best Practises - MM17PL
Magento Security Best Practises - MM17PLAnna Völkl
 
Magento Security Best Practises - MM17DE
Magento Security Best Practises - MM17DEMagento Security Best Practises - MM17DE
Magento Security Best Practises - MM17DEAnna Völkl
 
How to get maximum from Magento community
How to get maximum from Magento community How to get maximum from Magento community
How to get maximum from Magento community Vasyl Malanka
 
James jara portafolio
James jara portafolioJames jara portafolio
James jara portafolioJames Jara
 
Android Development - NOTE TAKING APP FROM SCRATCH
Android Development - NOTE TAKING APP FROM SCRATCHAndroid Development - NOTE TAKING APP FROM SCRATCH
Android Development - NOTE TAKING APP FROM SCRATCHKeith Levi Lumanog
 
Boite à outils du développeur : les indispensables
Boite à outils du développeur : les indispensablesBoite à outils du développeur : les indispensables
Boite à outils du développeur : les indispensablesMicrosoft
 
WordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's Stuff
WordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's StuffWordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's Stuff
WordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's StuffRhys Wynne
 
What is apache kafka
What is apache kafkaWhat is apache kafka
What is apache kafkaMinesh A. Jethva
 

Recommended

Magento Security Best Practises - MM17PL
Magento Security Best Practises - MM17PLMagento Security Best Practises - MM17PL
Magento Security Best Practises - MM17PLAnna Völkl
 
Magento Security Best Practises - MM17DE
Magento Security Best Practises - MM17DEMagento Security Best Practises - MM17DE
Magento Security Best Practises - MM17DEAnna Völkl
 
How to get maximum from Magento community
How to get maximum from Magento community How to get maximum from Magento community
How to get maximum from Magento community Vasyl Malanka
 
James jara portafolio
James jara portafolioJames jara portafolio
James jara portafolioJames Jara
 
Android Development - NOTE TAKING APP FROM SCRATCH
Android Development - NOTE TAKING APP FROM SCRATCHAndroid Development - NOTE TAKING APP FROM SCRATCH
Android Development - NOTE TAKING APP FROM SCRATCHKeith Levi Lumanog
 
Boite à outils du développeur : les indispensables
Boite à outils du développeur : les indispensablesBoite à outils du développeur : les indispensables
Boite à outils du développeur : les indispensablesMicrosoft
 
WordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's Stuff
WordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's StuffWordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's Stuff
WordCamp London - Top Tools for WordPress SEO - To Use As Well As Yoast's StuffRhys Wynne
 
What is apache kafka
What is apache kafkaWhat is apache kafka
What is apache kafkaMinesh A. Jethva
 
Mancsas - 5 Top Tools for WordPress SEO in 2016
Mancsas - 5 Top Tools for WordPress SEO in 2016Mancsas - 5 Top Tools for WordPress SEO in 2016
Mancsas - 5 Top Tools for WordPress SEO in 2016Rhys Wynne
 
What is Ransomware and How to Stay Away from it?
What is Ransomware and How to Stay Away from it?What is Ransomware and How to Stay Away from it?
What is Ransomware and How to Stay Away from it?Quick Heal Technologies Ltd.
 
Ransomwarever1
Ransomwarever1Ransomwarever1
Ransomwarever1quickheal_co_ir
 
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)mwbrooks
 
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakOWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakNetsparker Türkiye
 
How to Use Unbounce to Make a Landing Page
How to Use Unbounce to Make a Landing PageHow to Use Unbounce to Make a Landing Page
How to Use Unbounce to Make a Landing PageElizabeth Gesta
 
Measurement for success - #SASCON 2014
Measurement for success - #SASCON 2014Measurement for success - #SASCON 2014
Measurement for success - #SASCON 2014Neil Walker
 
Secure input and output handling - Mage Titans Manchester 2016
Secure input and output handling - Mage Titans Manchester 2016Secure input and output handling - Mage Titans Manchester 2016
Secure input and output handling - Mage Titans Manchester 2016Anna Völkl
 
Anomaly detection in real-time data streams using Heron
Anomaly detection in real-time data streams using HeronAnomaly detection in real-time data streams using Heron
Anomaly detection in real-time data streams using HeronArun Kejariwal
 
Diagnóstico SEO Técnico con Herramientas #TheInbounder
Diagnóstico SEO Técnico con Herramientas #TheInbounderDiagnóstico SEO Técnico con Herramientas #TheInbounder
Diagnóstico SEO Técnico con Herramientas #TheInbounderMJ Cachón Yáñez
 
B2B Marketing and The Power of Twitter
B2B Marketing and The Power of TwitterB2B Marketing and The Power of Twitter
B2B Marketing and The Power of TwitterSteve Yanor
 
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot 10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpotHubSpot
 
How to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's BuyerHow to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's BuyerHubSpot
 
25 Discovery Call Questions
25 Discovery Call Questions25 Discovery Call Questions
25 Discovery Call QuestionsHubSpot
 
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...HubSpot
 
How do you make things stick?
How do you make things stick?How do you make things stick?
How do you make things stick?Marlies van Dijk
 
Class 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your BusinessClass 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your BusinessHubSpot
 
Behind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot TokyoBehind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot TokyoHubSpot
 
HubSpot Diversity Data 2016
HubSpot Diversity Data 2016HubSpot Diversity Data 2016
HubSpot Diversity Data 2016HubSpot
 
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...HubSpot
 
What is Inbound Recruiting?
What is Inbound Recruiting?What is Inbound Recruiting?
What is Inbound Recruiting?HubSpot
 
3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful Companies3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful CompaniesHubSpot
 

More Related Content

What's hot

Mancsas - 5 Top Tools for WordPress SEO in 2016
Mancsas - 5 Top Tools for WordPress SEO in 2016Mancsas - 5 Top Tools for WordPress SEO in 2016
Mancsas - 5 Top Tools for WordPress SEO in 2016Rhys Wynne
 
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)mwbrooks
 
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakOWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakNetsparker Türkiye
 
How to Use Unbounce to Make a Landing Page
How to Use Unbounce to Make a Landing PageHow to Use Unbounce to Make a Landing Page
How to Use Unbounce to Make a Landing PageElizabeth Gesta
 
Measurement for success - #SASCON 2014
Measurement for success - #SASCON 2014Measurement for success - #SASCON 2014
Measurement for success - #SASCON 2014Neil Walker
 

What's hot (7)

Mancsas - 5 Top Tools for WordPress SEO in 2016
Mancsas - 5 Top Tools for WordPress SEO in 2016Mancsas - 5 Top Tools for WordPress SEO in 2016
Mancsas - 5 Top Tools for WordPress SEO in 2016
 
What is Ransomware and How to Stay Away from it?
What is Ransomware and How to Stay Away from it?What is Ransomware and How to Stay Away from it?
What is Ransomware and How to Stay Away from it?
 
Ransomwarever1
Ransomwarever1Ransomwarever1
Ransomwarever1
 
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)
PhoneGap 2014 & Beyond - PhoneGap Day EU 2015 (2015-05-18)
 
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakOWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
 
How to Use Unbounce to Make a Landing Page
How to Use Unbounce to Make a Landing PageHow to Use Unbounce to Make a Landing Page
How to Use Unbounce to Make a Landing Page
 
Measurement for success - #SASCON 2014
Measurement for success - #SASCON 2014Measurement for success - #SASCON 2014
Measurement for success - #SASCON 2014
 

Viewers also liked

Secure input and output handling - Mage Titans Manchester 2016
Secure input and output handling - Mage Titans Manchester 2016Secure input and output handling - Mage Titans Manchester 2016
Secure input and output handling - Mage Titans Manchester 2016Anna Völkl
 
Anomaly detection in real-time data streams using Heron
Anomaly detection in real-time data streams using HeronAnomaly detection in real-time data streams using Heron
Anomaly detection in real-time data streams using HeronArun Kejariwal
 
Diagnóstico SEO Técnico con Herramientas #TheInbounder
Diagnóstico SEO Técnico con Herramientas #TheInbounderDiagnóstico SEO Técnico con Herramientas #TheInbounder
Diagnóstico SEO Técnico con Herramientas #TheInbounderMJ Cachón Yáñez
 
B2B Marketing and The Power of Twitter
B2B Marketing and The Power of TwitterB2B Marketing and The Power of Twitter
B2B Marketing and The Power of TwitterSteve Yanor
 
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot 10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpotHubSpot
 
How to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's BuyerHow to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's BuyerHubSpot
 
25 Discovery Call Questions
25 Discovery Call Questions25 Discovery Call Questions
25 Discovery Call QuestionsHubSpot
 
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...HubSpot
 
How do you make things stick?
How do you make things stick?How do you make things stick?
How do you make things stick?Marlies van Dijk
 
Class 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your BusinessClass 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your BusinessHubSpot
 
Behind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot TokyoBehind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot TokyoHubSpot
 
HubSpot Diversity Data 2016
HubSpot Diversity Data 2016HubSpot Diversity Data 2016
HubSpot Diversity Data 2016HubSpot
 
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...HubSpot
 
What is Inbound Recruiting?
What is Inbound Recruiting?What is Inbound Recruiting?
What is Inbound Recruiting?HubSpot
 
3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful Companies3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful CompaniesHubSpot
 
Add the Women Back: Wikipedia Edit-a-Thon
Add the Women Back: Wikipedia Edit-a-ThonAdd the Women Back: Wikipedia Edit-a-Thon
Add the Women Back: Wikipedia Edit-a-ThonHubSpot
 
Fortune 1000 HR Leader Survey Results
Fortune 1000 HR Leader Survey ResultsFortune 1000 HR Leader Survey Results
Fortune 1000 HR Leader Survey ResultsChuck Solomon
 
Prins Amedeo officieel benoemd bij Gutzwiller bank
Prins Amedeo officieel benoemd bij Gutzwiller bankPrins Amedeo officieel benoemd bij Gutzwiller bank
Prins Amedeo officieel benoemd bij Gutzwiller bankThierry Debels
 

Viewers also liked (18)

Secure input and output handling - Mage Titans Manchester 2016
Secure input and output handling - Mage Titans Manchester 2016Secure input and output handling - Mage Titans Manchester 2016
Secure input and output handling - Mage Titans Manchester 2016
 
Anomaly detection in real-time data streams using Heron
Anomaly detection in real-time data streams using HeronAnomaly detection in real-time data streams using Heron
Anomaly detection in real-time data streams using Heron
 
Diagnóstico SEO Técnico con Herramientas #TheInbounder
Diagnóstico SEO Técnico con Herramientas #TheInbounderDiagnóstico SEO Técnico con Herramientas #TheInbounder
Diagnóstico SEO Técnico con Herramientas #TheInbounder
 
B2B Marketing and The Power of Twitter
B2B Marketing and The Power of TwitterB2B Marketing and The Power of Twitter
B2B Marketing and The Power of Twitter
 
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot 10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
 
How to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's BuyerHow to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's Buyer
 
25 Discovery Call Questions
25 Discovery Call Questions25 Discovery Call Questions
25 Discovery Call Questions
 
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
 
How do you make things stick?
How do you make things stick?How do you make things stick?
How do you make things stick?
 
Class 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your BusinessClass 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your Business
 
Behind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot TokyoBehind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot Tokyo
 
HubSpot Diversity Data 2016
HubSpot Diversity Data 2016HubSpot Diversity Data 2016
HubSpot Diversity Data 2016
 
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
 
What is Inbound Recruiting?
What is Inbound Recruiting?What is Inbound Recruiting?
What is Inbound Recruiting?
 
3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful Companies3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful Companies
 
Add the Women Back: Wikipedia Edit-a-Thon
Add the Women Back: Wikipedia Edit-a-ThonAdd the Women Back: Wikipedia Edit-a-Thon
Add the Women Back: Wikipedia Edit-a-Thon
 
Fortune 1000 HR Leader Survey Results
Fortune 1000 HR Leader Survey ResultsFortune 1000 HR Leader Survey Results
Fortune 1000 HR Leader Survey Results
 
Prins Amedeo officieel benoemd bij Gutzwiller bank
Prins Amedeo officieel benoemd bij Gutzwiller bankPrins Amedeo officieel benoemd bij Gutzwiller bank
Prins Amedeo officieel benoemd bij Gutzwiller bank
 

Similar to Secure development environment @ Meet Magento Croatia 2017

Secure input and output handling - Meet Magento Romania 2016
Secure input and output handling - Meet Magento Romania 2016Secure input and output handling - Meet Magento Romania 2016
Secure input and output handling - Meet Magento Romania 2016Anna Völkl
 
Let's Make Pentesting Fun Again! Report writing in 5 minutes.
Let's Make Pentesting Fun Again! Report writing in 5 minutes.Let's Make Pentesting Fun Again! Report writing in 5 minutes.
Let's Make Pentesting Fun Again! Report writing in 5 minutes.DefCamp
 
Mli 2017 technical first steps to building secure Magento extensions
Mli 2017 technical first steps to building secure Magento extensionsMli 2017 technical first steps to building secure Magento extensions
Mli 2017 technical first steps to building secure Magento extensionsHanoi MagentoMeetup
 
APIDays Australia - Openresty for scale
APIDays Australia - Openresty for scaleAPIDays Australia - Openresty for scale
APIDays Australia - Openresty for scaleSteven Cooper
 
Andrea Zwirner - Magento security and hardening strategies
Andrea Zwirner - Magento security and hardening strategiesAndrea Zwirner - Magento security and hardening strategies
Andrea Zwirner - Magento security and hardening strategiesMeet Magento Italy
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can youShakacon
 
SOS UiComponents
SOS UiComponentsSOS UiComponents
SOS UiComponentsvinaikopp
 
Testing Magento 2
Testing Magento 2Testing Magento 2
Testing Magento 2vinaikopp
 
Meaningful Data - Best Internet Conference 2015 (Lithuania)
Meaningful Data - Best Internet Conference 2015 (Lithuania)Meaningful Data - Best Internet Conference 2015 (Lithuania)
Meaningful Data - Best Internet Conference 2015 (Lithuania)Simo Ahava
 
Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more AResourcePool
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureWSO2
 
6 track kinect@Bicocca - iniziative
6 track kinect@Bicocca - iniziative6 track kinect@Bicocca - iniziative
6 track kinect@Bicocca - iniziativeMatteo Valoriani
 
Extension Submission to Marketplace
Extension Submission to MarketplaceExtension Submission to Marketplace
Extension Submission to MarketplaceWagento Kangiya
 
Penetration testing as an internal audit activity
Penetration testing as an internal audit activityPenetration testing as an internal audit activity
Penetration testing as an internal audit activityTranscendent Group
 
My Application is Slow | Best Practices for Troubleshooting and Prevention
My Application is Slow | Best Practices for Troubleshooting and PreventionMy Application is Slow | Best Practices for Troubleshooting and Prevention
My Application is Slow | Best Practices for Troubleshooting and PreventioneG Innovations
 
JAZOON'13 - Stefan Saasen - True Git: The Great Migration
JAZOON'13 - Stefan Saasen - True Git: The Great MigrationJAZOON'13 - Stefan Saasen - True Git: The Great Migration
JAZOON'13 - Stefan Saasen - True Git: The Great Migrationjazoon13
 
Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...
Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...
Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...apidays
 
OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...
OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...
OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...NETWAYS
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101 Wade Malone
 
How to migrate data from Marketpress to Magento by LitExtension
How to migrate data from Marketpress to Magento by LitExtensionHow to migrate data from Marketpress to Magento by LitExtension
How to migrate data from Marketpress to Magento by LitExtensionLitExtension
 

Similar to Secure development environment @ Meet Magento Croatia 2017 (20)

Secure input and output handling - Meet Magento Romania 2016
Secure input and output handling - Meet Magento Romania 2016Secure input and output handling - Meet Magento Romania 2016
Secure input and output handling - Meet Magento Romania 2016
 
Let's Make Pentesting Fun Again! Report writing in 5 minutes.
Let's Make Pentesting Fun Again! Report writing in 5 minutes.Let's Make Pentesting Fun Again! Report writing in 5 minutes.
Let's Make Pentesting Fun Again! Report writing in 5 minutes.
 
Mli 2017 technical first steps to building secure Magento extensions
Mli 2017 technical first steps to building secure Magento extensionsMli 2017 technical first steps to building secure Magento extensions
Mli 2017 technical first steps to building secure Magento extensions
 
APIDays Australia - Openresty for scale
APIDays Australia - Openresty for scaleAPIDays Australia - Openresty for scale
APIDays Australia - Openresty for scale
 
Andrea Zwirner - Magento security and hardening strategies
Andrea Zwirner - Magento security and hardening strategiesAndrea Zwirner - Magento security and hardening strategies
Andrea Zwirner - Magento security and hardening strategies
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
 
SOS UiComponents
SOS UiComponentsSOS UiComponents
SOS UiComponents
 
Testing Magento 2
Testing Magento 2Testing Magento 2
Testing Magento 2
 
Meaningful Data - Best Internet Conference 2015 (Lithuania)
Meaningful Data - Best Internet Conference 2015 (Lithuania)Meaningful Data - Best Internet Conference 2015 (Lithuania)
Meaningful Data - Best Internet Conference 2015 (Lithuania)
 
Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric Architecture
 
6 track kinect@Bicocca - iniziative
6 track kinect@Bicocca - iniziative6 track kinect@Bicocca - iniziative
6 track kinect@Bicocca - iniziative
 
Extension Submission to Marketplace
Extension Submission to MarketplaceExtension Submission to Marketplace
Extension Submission to Marketplace
 
Penetration testing as an internal audit activity
Penetration testing as an internal audit activityPenetration testing as an internal audit activity
Penetration testing as an internal audit activity
 
My Application is Slow | Best Practices for Troubleshooting and Prevention
My Application is Slow | Best Practices for Troubleshooting and PreventionMy Application is Slow | Best Practices for Troubleshooting and Prevention
My Application is Slow | Best Practices for Troubleshooting and Prevention
 
JAZOON'13 - Stefan Saasen - True Git: The Great Migration
JAZOON'13 - Stefan Saasen - True Git: The Great MigrationJAZOON'13 - Stefan Saasen - True Git: The Great Migration
JAZOON'13 - Stefan Saasen - True Git: The Great Migration
 
Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...
Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...
Apidays Paris 2023 - Kafka in Event-Driven Architectures, Hassane Moustapha, ...
 
OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...
OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...
OSMC 2018 | Monitor your application performances using InspectIT APM by Alai...
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101
 
How to migrate data from Marketpress to Magento by LitExtension
How to migrate data from Marketpress to Magento by LitExtensionHow to migrate data from Marketpress to Magento by LitExtension
How to migrate data from Marketpress to Magento by LitExtension
 

Recently uploaded

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 

Recently uploaded (20)

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 

Secure development environment @ Meet Magento Croatia 2017