Date posted: 07-Nov-2014
Category: Technology
Uploaded by: tyler-browning
Creating Secure Apps for Social Media
Tyler Browning Director – Agency Development at BlueModus – A Technology Agency
What does Internet security mean?
Data Security – Man, this is its own topic.
Understanding potential data exposure
Firewalls
Privacy
Password Security
Risk Assessment
Code Review
Thinking like a hacker
Security for social media is…
Say yes to social apps. Say yes to security and incorporate the following into your development.
Application Requirements
Test Cases
Risk Assessment
Code Review
Security & development placed together
Firewall!!!
Oh, data, you're crazy.
Securing a Database
Securing your server.
Protect the data.
Protect the system.
Perimeter firewall.
Internal firewall.
Securing User’s Data
What data do you have on the user?
How is data being managed?
Who has access to the user ID and other user data?
Password Security
Educate the user on password security.
Understand how secure the user is with their data.
Thinking like a hacker.
Understand the data.
How sensitive is the data?
What can a criminal do with the data?
Where are the vulnerabilities in the application?
SQL injection?
Rainbow Table?
Educating the user.
Making the case for complex + unique passwords.
Posting sensitive data.
Why NOT to eff with the privacy policy.
Andy Hatch "Without a privacy policy to review, consumers may not have the ability to understand and control the use of their personal data by the Apps," – MediaPost News
Nearly three-quarters of the most popular mobile apps lack even a basic privacy policy, according to a new survey by the Future of Privacy Forum.
Case studies.
http://bit.ly/iUU0TS
"It would appear that security experts are not expertly secured," Anonymous wrote.
Lessons from the HBGary Case Study
• If you are not managing the security, know the firm or person and understand their security practices.
• Security assumptions are very dangerous.
• Diverse passwords!
• Know your vulnerabilities and understand what will happen if your system is breached.
• Plan for a system breach.
"...this is a scary privacy issue. I can find the name of pretty much every person on Facebook...Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details…..
http://bit.ly/m8pKvI http://bit.ly/kDnMIC
Lessons from the Facebook Case Study
• Understand the security practices around social platforms like Facebook.
• Privacy Policy!
• What data is open, what is closed, and how could unauthorized folks access a user's information?
• User IDs are important to secure on some level.
• Security around available APIs.
Thank you for the opportunity.
Tyler Browning @tylerbrowning http://www.linkedin.com/in/tylerbrowning