Your App is Leaking Data, Its Just a Question of How Badly

If data leakage isn’t the fastest growing problem in AppSec, I don’t know what is. In our experience, 100% of customer environments are leaking data. The adoption of microservices, combined with increasingly shorter development cycles, means that understanding how critical data flows into, within, and out of an application is more complex than ever. While microservice architectures have increased efficiency in innumerable ways, they can also silo developer knowledge such that understanding how every other service handles data, and what each service defines as sensitive, is incredibly difficult. This is reflected in several recent breaches:

• Uber — November 2017: 57 million records breached because developer credentials were accidentally leaked into GitHub
• Wag Labs — January 2018: On-demand dog walking service publicly leaked both customer’s addresses and lockbox key codes to their corporate website
• Mixpanel — February 2018: Exposed 25% of their customer’s credentials to potentially every system they’ve authenticated into while cookied

Yet, despite the name, traditional Data Loss Prevention (DLP) solutions provide little help to developers. DLP solutions are focused on solving IT-centric problems that are generally initiated by users. How can developers identify data leaks in the applications they build? And how can data leaks be prevented for every version of every microservice in every release?

At ShiftLeft, we’re here to help! We’re offering a free data leakage assessment. It requires minimal effort and you’ll get a wealth of knowledge to harden your app’s security posture. Sign up here:

https://go.shiftleft.io/data-leakage-assessment


Your App is Leaking Data, Its Just a Question of How Badly was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.



This is a Security Bloggers Network syndicated blog post authored by Andrew Fife. Read the original post at: ShiftLeft Blog - Medium