I’m Mattias and have worked in IT for a long time. First computer IBM x286 with their WebOS. Well, I was able to open it up and remove a ROM. And then I could install windows95.

Unwilling end up in Sec

I started working on a payment company and during the first weeks

Did you read IT-Security at University? We have this PCI DSS coming up if you can have a look

From that day and many years, I a works securing our PCI DSS system.

Time make you think

In the beginning, it was many o this is important, and let’s block here and make a checkbox of an approval. But over time I moved more to security that is there watching and then reacts when it’s needed. So instead of bringing up that hard wall and putting all energy building that wall with a firewall and more install tools that look over the apps and react when it sees change. A new outgoing request to a new endpoint will trigger an alert for me.


I had the same issues with the scanner and I remember one day when a talked with some security professional that urged that we had DELETE options open on our REST endpoint and that was a problem because you can delete files from the server with that. I said that well we have PUT and GET also open and then started thinking there must be a better way …


Samma is not a replacement for big scanners but can be good start scannings your apps. And with that finding security problems early and fixing them early.

Im here

Mattias Hemmingsson