Organizations with digital products that lack even the most basic data security practices are living in a utopian world where people leave their safe open and never expect a burglar to walk in. With the advent of SaaS, companies are relying more and more on third-party services for CDNs, analytics, recommendations, loyalty, advertisements, email marketing, etc. But little effort goes into checking what data is being shared with these third parties.
As an example:
- It is a common practice to load fonts from third-party CDNs. But is it necessary for the website to share sensitive data like users' booking IDs in order to load the fonts from a CDN?
- We will also take a look at extreme cases of the security and privacy impact of using third parties.
A data leak is bad in itself, but in the GDPR-era, companies could face huge penalties for such accidental leaks.
At PyConWeb 2019 I would like to showcase how you can use or build on top of mitmproxy, an open source interactive HTTPS proxy.
Takeaways for the audience:
- Common pitfalls while using third-parties and how apps end up accidentally leaking sensitive data.
- How they can audit partners before implementing them in production.
- How they can audit their own apps and bring in privacy checks as part of their software life cycle.
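One way such an audit could look for the font-CDN case above, as an added example that is not code from the talk: a mitmproxy addon that flags booking IDs sent to third-party hosts. The first-party domain, the booking ID format and the sample hosts are assumptions made for illustration.

```python
"""Added example: flag first-party identifiers sent to third-party hosts."""
import logging
import re
from urllib.parse import urlsplit

# Assumptions (not from the talk): first-party domain and booking ID format.
FIRST_PARTY = "example-travel.test"
BOOKING_ID = re.compile(r"\bBK[0-9]{8}\b")


def is_third_party(host: str) -> bool:
    """True unless host is the first-party domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return not (host == FIRST_PARTY or host.endswith("." + FIRST_PARTY))


def find_leaks(url: str, headers: dict, body: str = "") -> list:
    """Return (location, value) pairs for booking IDs in a third-party request."""
    host = urlsplit(url).hostname or ""
    if not is_third_party(host):
        return []
    places = {"url": url, "body": body}
    # Referer is the usual culprit: the page URL rides along with every asset load.
    for name in ("referer", "cookie"):
        places[name] = next(
            (v for k, v in headers.items() if k.lower() == name), "")
    return [(where, value) for where, text in places.items()
            for value in sorted(set(BOOKING_ID.findall(text)))]


class ThirdPartyLeakAudit:
    """mitmproxy addon: the request hook runs for every proxied request."""

    def request(self, flow):
        req = flow.request
        leaks = find_leaks(req.pretty_url, dict(req.headers.items()),
                           req.get_text(strict=False) or "")
        for where, value in leaks:
            logging.warning("booking ID %s sent to %s via %s",
                            value, req.pretty_host, where)


# mitmproxy discovers addons through this module-level list.
addons = [ThirdPartyLeakAudit()]
```

Saved under a name of your choice (here `audit.py`), it loads with `mitmdump -s audit.py` while the app's traffic is routed through the proxy.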