At Wingify, we recently began an initiative by the name Engineering Talkies where our engineering teams share their experiences, repertoire of best practices, and learnings. Think of it as a knowledge sharing session between people within and across teams.

The last talk was about Web Application Security where I spoke about the best practices to follow for tightening the security of our web applications.

It started with a little introduction to my infosec journey and how companies deal with security researchers. Along the way I also touched upon why startups, specifically, should care about security.

Information Security is not just about following some best practices checklist; it’s all about lateral thinking.

We explored OWASP’s Top 10 Vulnerabilities, considering possible attacks and techniques to shore up our defense against them. Next, we went through some real-world examples of common security threats and how the risks can be mitigated and flaws addressed.

In my preparation for the talk, I had conducted an internal security audit of our product application and the security measures we have put in place for VWO that should be followed for other products under the Wingify umbrella. Yes, we are coming up with some cool new products other than VWO, the beloved A/B Testing Tool. Stay tuned.

Slides from the talk on security at Wingify Engineering Talkies:

It’s very useful for companies to perform internal security audits, and today we understand a little better why we sometimes need to slow down feature development and clean up a bit.

We take security very seriously at Wingify. If you find any security vulnerability, please report it to security@wingify.com. We will respond as quickly as we can to any security issues identified.