
Creating Secure Social Applications

Date post: 07-Nov-2014
Upload: tyler-browning
Description:
Social media is a new marketing currency for brands. That much is certain. Brands can engage directly with consumers in real time, allowing for the collection of an unprecedented amount of data on the customer. This data is increasingly powerful to brands, their agencies, their customers and, unfortunately, the unscrupulous among us. Hopefully, someone is thinking about security.
Creating Secure Apps for Social Media. Tyler Browning, Director – Agency Development at BlueModus – A Technology Agency
Transcript
Page 1: Creating Secure Social Applications

Creating Secure Apps for Social Media

Tyler Browning, Director – Agency Development at BlueModus – A Technology Agency

Page 2: Creating Secure Social Applications

What does Internet security mean?

Page 3: Creating Secure Social Applications

Security for social media is…

Data Security – Man, this is its own topic.

Understanding potential data exposure

Firewalls

Privacy

Password Security

Risk Assessment

Code Review

Thinking like a hacker

Page 4: Creating Secure Social Applications

Say yes to social apps. Say yes to security and incorporate the following into your development.

Application Requirements

Test Cases

Risk Assessment

Code Review

Security & development placed together

Firewall!!!

Page 5: Creating Secure Social Applications

Oh, data, you're crazy.

Securing a Database
• Securing your server.
• Protect the data.
• Protect the system.
• Perimeter firewall.
• Internal firewall.

Securing User's Data
• What data do you have on the user?
• How is data being managed?
• Who has access to the user ID and other user data?

Password Security
• Educate the user on password security.
• Understand how secure the user is with their data.

Page 6: Creating Secure Social Applications

Thinking like a hacker.

Understand the data.

How sensitive is the data?

What can a criminal do with the data?

Where are the vulnerabilities in the application?

SQL injection?

Rainbow Table?

Educating the user.

Making the case for complex + unique passwords.

Posting sensitive data.

Page 7: Creating Secure Social Applications

Why NOT to eff with the privacy policy.

Andy Hatch "Without a privacy policy to review, consumers may not have the ability to understand and control the use of their personal data by the Apps," – MediaPost News

Nearly three-quarters of the most popular mobile apps lack even a basic privacy policy, according to a new survey by the Future of Privacy Forum.

Page 8: Creating Secure Social Applications

Case studies.

Page 9: Creating Secure Social Applications

http://bit.ly/iUU0TS

"It would appear that security experts are not expertly secured," Anonymous wrote.

Page 10: Creating Secure Social Applications

Lessons from the HB Gary Case Study

• If you are not managing the security, know the firm or person and understand their security practices.

• Security assumptions are very dangerous.

• Diverse passwords!

• Know your vulnerabilities and understand what will happen if your system is breached.

• Plan for a system breach.

Page 11: Creating Secure Social Applications

"...this is a scary privacy issue. I can find the name of pretty much every person on Facebook...Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details…..

http://bit.ly/m8pKvI

http://bit.ly/kDnMIC

Page 12: Creating Secure Social Applications

Lessons from the Facebook Case Study

• Understand the security practice around social platforms like Facebook.

• Privacy Policy!

• What data is open, closed and how could unauthorized folks access a user's information.

• User IDs are important to secure on some level.

• Security around available APIs.

Page 13: Creating Secure Social Applications

Thank you for the opportunity.

Tyler Browning @tylerbrowning [email protected] http://www.linkedin.com/in/tylerbrowning

