We got hacked. Lessons learned.
Aditya Patawari
Lead of Systems Engineer at BrowserStack.com
Fedora Ambassador and Contributor to Fedora Infra
aditya@adityapatawari.com
adimania on freenode irc
http://blog.adityapatawari.com
March 30, 2015
Aditya Patawari We got hacked. Lessons learned.
Topics
Monitoring is good. Right monitoring is saviour.
Wildcards! Get rid of them.
How many machines you got?
Who got access to them?
Did you patch that?
Where is your backup?
Logging is on!
You need an amazing team.
Monitoring is good. Right monitoring is saviour.
Multi location monitoring
Monitor unlikely situations like table locks
Monitor IP addresses
Wildcards! Get rid of them.
Database grant statements will KILL you.
Any wildcard ACL is a potential disaster.
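
An added example, not part of the original slides: a small audit that reads database grant statements and reports the wildcard patterns this slide warns about. MySQL-style GRANT syntax is assumed (the slides do not name a database), and the account names, hosts and schema below are constructed.

```python
import re

# Assumption: MySQL-style GRANT syntax; the slides do not name a database.
GRANT_RE = re.compile(
    r"""GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+
        TO\s+(?P<user>'[^']*'|`[^`]*`|[^\s@;]+)
        (?:\s*@\s*(?P<host>'[^']*'|`[^`]*`|[^\s;]+))?""",
    re.IGNORECASE | re.VERBOSE | re.DOTALL,
)

# Constructed sample input: accounts, hosts and schema are illustrative only.
SAMPLE_GRANTS = """
GRANT ALL PRIVILEGES ON *.* TO 'app'@'%';
GRANT SELECT, INSERT ON shop.* TO 'web'@'10.0.%';
GRANT SELECT ON shop.orders TO 'report'@'10.0.4.17';
GRANT SELECT ON shop.orders TO 'batch';
"""


def audit_grant(stmt):
    """Return the wildcard findings for one GRANT statement, or None if it is not a GRANT."""
    m = GRANT_RE.search(stmt)
    if not m:
        return None
    privs = m.group("privs").strip().upper()
    obj = m.group("obj").replace("`", "")
    user = m.group("user").strip("'`")
    # In MySQL an account written without @host is stored with host '%'.
    host = (m.group("host") or "%").strip("'`")

    findings = []
    if re.fullmatch(r"ALL(\s+PRIVILEGES)?", privs):
        findings.append("all-privileges")      # every privilege at that scope
    table = obj.partition(".")[2]
    if obj == "*.*":
        findings.append("global-scope")        # every database on the server
    elif obj == "*" or table == "*":
        findings.append("whole-database")      # every table in one database
    if "%" in host:
        findings.append("wildcard-host")       # % matches any run of characters
    return {"user": user, "host": host, "object": obj, "findings": findings}


def audit_script(sql):
    """Audit every GRANT in a script; the naive split on ';' is fine for plain grant dumps."""
    results = []
    for stmt in sql.split(";"):
        result = audit_grant(stmt)
        if result is not None:
            results.append(result)
    return results


def risky(results):
    """Keep only the grants that carry at least one wildcard finding."""
    return [r for r in results if r["findings"]]


if __name__ == "__main__":
    for r in risky(audit_script(SAMPLE_GRANTS)):
        print(f"{r['user']}@{r['host']} on {r['object']}: {', '.join(r['findings'])}")
```

Only the third sample grant passes clean; the fourth is flagged because leaving the host off is itself a wildcard.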
How many machines you got?
Make an inventory.
Make an automated inventory.
Who got access to them?
Did you generate generic api keys?
Two-factor is amazing
How similar is your staging to production?
Did you patch that?
So many CVEs
CI for security updates?
Look at OpenVAS
Where is your backup?
Onsite and Offsite, both are mandatory
Another AWS region is not offsite
Encrypt it
Logging is on!
Log your systems centrally
Log actions on your hardware/service provider
You need an amazing team.
Questions?
Now is your chance :)
BrowserStack Security Breach. Lessons Learned.
