We got hacked. Lessons learned.
Aditya Patawari
Lead of Systems Engineer at BrowserStack.com
Fedora Ambassador and Contributor to Fedora Infra
aditya@adityapatawari.com
adimania on freenode irc
http://blog.adityapatawari.com
March 30, 2015
Aditya Patawari We got hacked. Lessons learned.
Topics
Monitoring is good. Right monitoring is saviour.
Wildcards! Get rid of them.
How many machines you got?
Who got access to them?
Did you patch that?
Where is your backup?
Logging is on!
You need an amazing team.
Monitoring is good. Right monitoring is saviour.
Multi location monitoring
Monitor unlikely situations like table locks
Monitor IP addresses
Wildcards! Get rid of them.
Database grant statements will KILL you.
Any wildcard ACL is a potential disaster.
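An added example, not from the slides: a small audit that flags wildcards in database grant statements. It assumes MySQL-style `SHOW GRANTS` output (the deck does not name a database), and the accounts and the finding labels are constructed for illustration.

```python
import re

# Constructed sample: MySQL-style SHOW GRANTS output for a few accounts.
SAMPLE_GRANTS = """\
GRANT ALL PRIVILEGES ON *.* TO 'app'@'%' WITH GRANT OPTION
GRANT SELECT, INSERT ON `shop`.* TO 'web'@'10.0.%'
GRANT SELECT ON `shop`.`orders` TO 'report'@'10.0.3.7'
GRANT USAGE ON *.* TO 'report'@'10.0.3.7'
"""

# Accepts both 'user'@'host' and `user`@`host` quoting.
# Assumption: object names contain no spaces.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"['`](?P<user>[^'`]*)['`]@['`](?P<host>[^'`]*)['`](?P<tail>.*)$",
    re.IGNORECASE,
)


def audit_grant(stmt):
    """Return (account, findings) for one GRANT statement, or None if unparsable."""
    m = GRANT_RE.match(stmt.strip().rstrip(";"))
    if not m:
        return None
    privs = m["privs"].upper()
    scope = m["scope"].replace("`", "")
    findings = []
    # '%' in the host part lets the account connect from a whole range of hosts.
    if m["host"] == "" or "%" in m["host"]:
        findings.append("wildcard-host")
    # USAGE carries no privileges, so its *.* scope is not a finding.
    if privs != "USAGE":
        db, _, table = scope.partition(".")
        if scope == "*.*":
            findings.append("global-scope")
        elif "%" in db:
            findings.append("wildcard-database")
        elif table == "*":
            findings.append("database-wide-scope")
        if privs.startswith("ALL"):
            findings.append("all-privileges")
    # The account can hand its own privileges on to other accounts.
    if "WITH GRANT OPTION" in m["tail"].upper():
        findings.append("grant-option")
    return m["user"] + "@" + m["host"], findings


def audit(text):
    """Map each account with at least one finding to its list of findings."""
    report = {}
    for line in text.splitlines():
        result = audit_grant(line)
        if result and result[1]:
            report.setdefault(result[0], []).extend(result[1])
    return report


if __name__ == "__main__":
    for account, findings in audit(SAMPLE_GRANTS).items():
        print(account, "->", ", ".join(findings))
```

Run against the real grant dump on a schedule, an empty report is the target state; each finding is a grant to narrow to a named host, table and privilege list.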
How many machines you got?
Make an inventory.
Make an automated inventory.
Who got access to them?
Did you generate generic api keys?
Two-factor is amazing
How similar is your staging to production?
Did you patch that?
So many CVEs
CI for security updates?
Look at OpenVAS
Where is your backup?
Onsite and Offsite, both are mandatory
Another AWS region is not offsite
Encrypt it
Logging is on!
Log your systems centrally
Log actions on your hardware/service provider
You need an amazing team.
Questions?
Now is your chance :)

BrowserStack Security Breach. Lessons Learned.
