BrowserStack Security Breach. Lessons Learned.
How BrowserStack got hacked and what we learned from it.

Published in: Internet
  1. We got hacked. Lessons learned.
     Aditya Patawari, Lead of Systems Engineer at BrowserStack.com, Fedora Ambassador and Contributor to Fedora Infra. aditya@adityapatawari.com, adimania on freenode irc, http://blog.adityapatawari.com. March 30, 2015.
     Footer on every slide: Aditya Patawari, We got hacked. Lessons learned.
  2. Topics
     • Monitoring is good. Right monitoring is saviour.
     • Wildcards! Get rid of them.
     • How many machines you got?
     • Who got access to them?
     • Did you patch that?
     • Where is your backup?
     • Logging is on!
     • You need an amazing team.
  3. Monitoring is good. Right monitoring is saviour.
     • Multi-location monitoring
     • Monitor unlikely situations like table locks
     • Monitor IP addresses
  4. Wildcards! Get rid of them.
     • Database grant statements will KILL you.
     • Any wildcard ACL is a potential disaster.
  5. How many machines you got?
     • Make an inventory.
     • Make an automated inventory.
  6. Who got access to them?
     • Did you generate generic API keys?
     • Two-factor is amazing
     • How similar is your staging to production?
  7. Did you patch that?
     • So many CVEs
     • CI for security updates?
     • Look at OpenVAS
  8. Where is your backup?
     • Onsite and offsite, both are mandatory
     • Another AWS region is not offsite
     • Encrypt it
  9. Logging is on!
     • Log your systems centrally
     • Log actions on your hardware/service provider
  10. You need an amazing team.
  11. Questions? Now is your chance :)
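Slide 4 warns that wildcard database grants are a disaster waiting to happen. The following is an added example (not from the deck) showing the weak grant pattern beside a least-privilege replacement and the audit queries that surface wildcard accounts; MySQL syntax is assumed, and the schema, account and host names are constructed placeholders.

```sql
-- Added example; MySQL syntax assumed. appdb, app_user and 10.0.1.25 are
-- constructed placeholders, not values from the slides.

-- Weak grant of the kind the slide warns about (old MySQL 5.x form): every
-- privilege, on every schema (*.*), from any host (%). One leaked password
-- is then full control of the database server.
-- GRANT ALL PRIVILEGES ON *.* TO 'app_user'@'%' IDENTIFIED BY 'secret';

-- Hardened form: one account per application, only the privileges it uses,
-- scoped to the one schema it needs, reachable only from the host it runs on.
CREATE USER 'app_user'@'10.0.1.25' IDENTIFIED BY 'use-a-generated-secret';
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_user'@'10.0.1.25';

-- Audit 1: accounts whose host part is a wildcard (bare % or a % pattern).
-- '\%' matches a literal percent sign inside a LIKE pattern.
SELECT user, host
  FROM mysql.user
 WHERE host = '%' OR host LIKE '%\%%';

-- Audit 2: global (*.*) privileges that an application account should never
-- hold. Any 'Y' on a non-admin account is a finding.
SELECT user, host, Super_priv, File_priv, Grant_priv
  FROM mysql.user
 WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Grant_priv = 'Y';

-- Review the full statement list for a specific account before changing it.
SHOW GRANTS FOR 'app_user'@'10.0.1.25';

-- Once the scoped account is in use, remove the wildcard one entirely rather
-- than trying to trim its privileges in place.
DROP USER 'app_user'@'%';
FLUSH PRIVILEGES;
```

Run the two audit queries on a schedule (the deck's own advice is to monitor, not just configure once) so a wildcard account that slips back in through a migration or a hurried fix shows up the same day.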