Creating Secure Apps for Social Media

Tyler Browning
Director – Agency Development at BlueModus – A Technology Agency
What does Internet security mean?
Security for social media is…

•  Data Security – Man, this is its own topic.
•  Understanding potential data exposure
•  Firewalls
•  Privacy
•  Password Security
•  Risk Assessment
•  Code Review
•  Thinking like a hacker
Say yes to social apps. Say yes to security and
incorporate the following into your
development.


•  Application Requirements
•  Risk Assessment
•  Test Cases
•  Code Review
•  Security & development placed together
•  Firewall!!!
Oh, data, you're crazy.
Securing a Database
•  Securing your server.
•  Protect the data.
•  Protect the system.
•  Perimeter firewall.
•  Internal firewall.

Securing User's Data
•  What data do you have on the user?
•  How is data being managed?
•  Who has access to the user ID and other user data?

Password Security
•  Educate the user on password security.
•  Understand how secure the user is with their data.
Thinking like a hacker.

Understand the data.
•  How sensitive is the data?
•  What can a criminal do with the data?

Where are the vulnerabilities in the application?
•  SQL injection?
•  Rainbow Table?

Educating the user.
•  Making the case for complex + unique passwords.
•  Posting sensitive data.
Why NOT to eff with the privacy policy.




"Without a privacy policy to review, consumers may not have the ability to understand and control the use of their personal data by the Apps," – MediaPost News

Andy Hatch

Nearly three-quarters of the most popular mobile apps lack even a basic privacy policy, according to a new survey by the Future of Privacy Forum.
Case studies.
"It would appear that security experts are not expertly secured," Anonymous wrote.

http://bit.ly/iUU0TS
Lessons from the HB Gary Case Study

•  If you are not managing the security, know the
   firm or person and understand their security
   practices.
•  Security assumptions are very dangerous.
•  Diverse passwords!
•  Know your vulnerabilities and understand
   what will happen if your system is breached.
•  Plan for a system breach.
"...this is a scary privacy issue. I can find the name of
     pretty much every person on Facebook...Once I have
     the name and URL of a user, I can view, by default,
     their picture, friends, information about them, and
     some other details…..



http://bit.ly/m8pKvI
http://bit.ly/kDnMIC
Lessons from the Facebook Case Study

•  Understand the security practice around social
   platforms like Facebook.
•  Privacy Policy!
•  What data is open or closed, and how could unauthorized folks access a user's information?
•  User IDs are important to secure on some level.
•  Security around available APIs.
Thank you for the opportunity.

Tyler Browning
@tylerbrowning
tbrowning@bluemodus.com
http://www.linkedin.com/in/tylerbrowning
