The document discusses the growing threat of cybercrime and the importance of security by design in software development. It notes that data has become the new gold and that cybercrime damages reached $3 trillion worldwide in 2016. The document advocates storing only necessary data and limiting access to it. It provides an example of how software systems can expose private data if they are not designed securely from the start. Throughout, it emphasises close collaboration between developers and security experts to build controls such as centralised logging, strong password handling, and automated security testing into development practices.
10. CYBERCRIME
REAL THREAT
AND IT IS GROWING
ORGANISED AND PROFESSIONAL
IT’S A BUSINESS
RISKS ARE LOW
WE ARE NOT READY
LOT OF MONEY INVOLVED
11. HOW PROFITABLE IS CYBERCRIME?
US Military and Defence Expenses
(2015)
600 Billion dollars
Cybercrime damage worldwide
(2016)
3 Trillion dollars
Bank of Iraq Heist (2003)
1 Billion dollars
22. DON’T BE A TROJAN
DATA STORAGE
▸ WHAT DATA DO WE STORE?
▸ WHAT DATA DO WE NEED?
▸ HOW LONG DO WE NEED TO KEEP THIS DATA?
▸ HOW DOES THIS DATA TRACE BACK TO AN INDIVIDUAL?
▸ WHO HAS ACCESS TO THIS DATA?
30. EXAMPLE
PROFILE SERVICE
- CREATE PROFILE
- UPDATE PREFERENCES
- GET PROFILE BY UUID
PROFILE
- UUID
- EMAIL
- LIST OF PREFERENCES
MYHOME SERVICE
- CLAIM A HOUSE
- UPDATE YOUR HOUSE
- FIND ALL HOUSES
MyHOUSE
- UUID
- HOUSE ADDRESS
- HOUSE PICTURES
SECURED LOGIN
31. EXAMPLE
PROFILE SERVICE
- GET PROFILE BY UUID
PROFILE
- UUID
- EMAIL
- LIST OF PREFERENCES
MYHOME SERVICE
- FIND ALL HOUSES
MyHOUSE
- UUID (EXPOSED)
- HOUSE ADDRESS
- HOUSE PICTURES
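Slides 30 and 31 show the flaw without code: MyHOUSE reuses the owner's profile UUID, FIND ALL HOUSES publishes it, and GET PROFILE BY UUID hands back the e-mail to anyone who presents it, so two individually harmless operations join a house address to a person. The toy below is an added illustration, not the deck's code; the record shapes follow the slides, the service classes, the `caller` parameter and the sample e-mail addresses and street names are constructed for it. `linkable_addresses` is the design-review check a security reviewer would run against both versions.

```python
import uuid
from dataclasses import dataclass, field

# Constructed sample records (not from the deck). MyHouse.uuid is the owner's
# profile UUID, exactly the coupling slide 30 shows.
@dataclass
class Profile:
    uuid: str
    email: str
    preferences: list = field(default_factory=list)

@dataclass
class MyHouse:
    uuid: str            # the owner's profile UUID
    address: str
    pictures: list = field(default_factory=list)

PROFILES = {p.uuid: p for p in (Profile(str(uuid.uuid4()), "alice@example.com"),
                                Profile(str(uuid.uuid4()), "bob@example.com"))}
HOUSES = [MyHouse(u, a) for u, a in zip(PROFILES, ("1 Example St", "2 Example St"))]

class WeakServices:
    """Slide 31: the listing exposes the profile UUID and the profile lookup
    never asks who is calling."""
    def find_all_houses(self, caller=None):
        return [{"uuid": h.uuid, "address": h.address} for h in HOUSES]
    def get_profile_by_uuid(self, profile_uuid, caller=None):
        return PROFILES[profile_uuid]

class HardenedServices:
    """Listing carries an opaque house id that is not a profile identifier, and
    a profile is only returned to its authenticated owner (SECURED LOGIN)."""
    def __init__(self):
        self._houses = {str(uuid.uuid4()): h for h in HOUSES}
    def find_all_houses(self, caller=None):
        return [{"house_id": i, "address": h.address} for i, h in self._houses.items()]
    def get_profile_by_uuid(self, profile_uuid, caller=None):
        if caller != profile_uuid:
            raise PermissionError("profile is only visible to its owner")
        return PROFILES[profile_uuid]

def linkable_addresses(service, caller=None):
    """Review check: how many listed addresses can the caller tie to an e-mail
    using only the two public operations? For a sound design the answer is 0."""
    linked = 0
    for entry in service.find_all_houses(caller):
        key = entry.get("uuid") or entry.get("house_id")
        try:
            service.get_profile_by_uuid(key, caller)
            linked += 1
        except (PermissionError, KeyError):
            pass
    return linked
```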
43. PASSWORD PROTECTION
▸ Use a password policy
▸ Use a cryptographically strong credential-specific salt
▸ Use a cryptographic hash algorithm (e.g. PBKDF2 / bcrypt)
▸ Use an HMAC (keyed-hash message authentication code), e.g. HMAC-SHA256
▸ Review the chosen algorithms