Social media is a new marketing currency for brands. That much is certain. Brands can engage directly with consumers in real time, allowing for the collection of an unprecedented amount of data on the customer. This data is increasingly powerful to brands, their agencies, their customers and, unfortunately, the unscrupulous among us. Hopefully, someone is thinking about security.
3. Security for social media is…
• Data Security – Man, this is its own topic.
• Understanding potential data exposure
• Firewalls
• Privacy
• Password Security
• Risk Assessment
• Code Review
• Thinking like a hacker
4. Say yes to social apps. Say yes to security and
incorporate the following into your
development.
• Application Requirements
• Risk Assessment
• Test Cases
• Security & development placed together
• Code Review
• Firewall!!!
5. Oh, data, you're crazy.
Securing a Database
• Securing your server.
• Protect the data.
• Protect the system.
• Perimeter firewall.
• Internal firewall.
Securing User’s Data
• What data do you have on the user?
• How is data being managed?
• Who has access to the user ID and other user data?
Password Security
• Educate the user on password security.
• Understand how secure the user is with their data.
6. Thinking like a hacker.
Where are the vulnerabilities in the application?
• SQL injection?
• Rainbow Table?
Understand the data.
• How sensitive is the data?
• What can a criminal do with the data?
Educating the user.
• Making the case for complex + unique passwords.
• Posting sensitive data.
7. Why NOT to eff with the privacy policy.
"Without a privacy policy to review, consumers may not have the ability to understand and control the use of their personal data by the Apps," – MediaPost News
Andy Hatch
Nearly three-quarters of the most popular mobile apps lack even a basic privacy policy, according to a new survey by the Future of Privacy Forum.
9. "It would appear that security experts are not expertly secured," Anonymous wrote.
http://bit.ly/iUU0TS
10. Lessons from the HB Gary Case Study
• If you are not managing the security, know the
firm or person and understand their security
practices.
• Security assumptions are very dangerous.
• Diverse passwords!
• Know your vulnerabilities and understand
what will happen if your system is breached.
• Plan for a system breach.
11. "...this is a scary privacy issue. I can find the name of
pretty much every person on Facebook...Once I have
the name and URL of a user, I can view, by default,
their picture, friends, information about them, and
some other details…..
http://bit.ly/m8pKvI
http://bit.ly/kDnMIC
12. Lessons from the Facebook Case Study
• Understand the security practice around social
platforms like Facebook.
• Privacy Policy!
• What data is open, what is closed, and how could
unauthorized folks access a user's information?
• User IDs are important to secure on some
level.
• Security around available APIs.
13. Thank you for the opportunity.
Tyler Browning
@tylerbrowning
tbrowning@bluemodus.com
http://www.linkedin.com/in/tylerbrowning