roshansingh

I work in a startup. We have very limited knowledge of security. The only thing we have done to ensure safety of our infrastructure is to install firewall. We are planning to install openvpn and block ssh on all servers on public interface. We currently use key based ssh.

We have idea about XSS and SQL injection, so I think we can handle that.

How do you manage security at your startup? What are the best practices?

I know that security in itself is very big issue. But till we can hire a security guy, we need something to prevent naive attacks.