CybelAngel - Top 10 tips to avoid being the next big data leak
1.
2. Top 10 tips to avoid being the
next big Data Leak
(Cyber)Security for Software Engineers, Topito style...
3. Thomas Garnier
Head of Product
@ CybelAngel since 2014
Academics in software engineering
Switched to the Dark side
(they had cookies)
Who ?
Gilles d’Arco
CTO
First employee @ CybelAngel
Lived in China, Tunisia and now in
Nantes
Lua Programmer from time to time
5. Where exactly do we find the data ?
Clear Web
Social networks, forums, paste sites ...
Dark Web
Everything on Tor-like networks : markets, message boards, etc.
Connected Storage
Unprotected connected storage devices
8. And we detect data leak for our clients
everyday...
We will show you real life examples, and we’ll try
to learn something from it !
9. Wrap up !
1 Don’t share access points like chats, proxy, VPNs online (even if they are secured)
2 Don’t hard code your secret keys
3 Don’t store passwords unencrypted
4 Don’t use public Github as cloud storage
5 Apply the same (good) security policy on prod and test environment
6 Ensure that all databases require authentication
7 Never do non-encrypted backups (especially for active directory)
8 Change the default passwords of your FTP/SMB/etc
9 Make sure your cloud configuration is not open by default
10. But most importantly ...
10 Don’t be too paranoid, keep building awesome stuffs !
True, but a bit cheesy though ….