What do travel, food & health websites have in common? Auditing websites & apps for privacy leaks

May 26, 2019, 10:30 a.m. - 11:00 a.m.

Organizations with digital products that lack even the most basic data security practices are living in a utopian world where people leave their safe open and never expect a burglar to walk in. With the advent of SaaS, companies are relying more and more on third-party services for CDNs, analytics, recommendations, loyalty, advertisements, email marketing, etc. But little effort goes into checking what data is being shared with these third parties.

As an example:
  • It is a common practice to load fonts from third-party CDNs. But is it necessary for the website to share sensitive data like users' booking IDs in order to load the fonts from a CDN?
  • We will also look at extreme cases of the security and privacy impact of using third parties.
A data leak is bad in itself, but in the GDPR-era, companies could face huge penalties for such accidental leaks.

At PyConWeb 2019 I would like to showcase how you can use or build on top of mitmproxy, an open source interactive HTTPS proxy.
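One way such an audit can be built on mitmproxy, as an added example that is not code from the talk: it flags tester-chosen marker values that show up in requests to third-party hosts. The domain `travel.example`, the marker values, the file name `leak_audit.py` and the `Referer` header as the leak channel are assumptions made for the illustration.

```python
import logging
from urllib.parse import unquote, urlsplit

FIRST_PARTY = "travel.example"   # assumption: registrable domain of the site under audit
# Constructed marker values, entered into the app by the tester before browsing.
SENSITIVE = {"booking_id": "BK-73921", "email": "jane@example.org"}

def is_third_party(host, first_party=FIRST_PARTY):
    host = (host or "").lower().rstrip(".")
    return not (host == first_party or host.endswith("." + first_party))

def find_leaks(url, headers, body="", sensitive=SENSITIVE):
    """Return sorted (label, location) pairs for marker values sent off-site."""
    if not is_third_party(urlsplit(url).hostname):
        return []
    places = {"url": url, "body": body or ""}
    for name, value in headers.items():
        places["header:" + name.lower()] = value
    return sorted(
        (label, where)
        for label, marker in sensitive.items()
        for where, text in places.items()
        if marker.lower() in unquote(text).lower()   # also catches %40-style encoding
    )

class LeakAudit:
    """mitmproxy addon: request() is called once per client request."""
    def request(self, flow):
        req = flow.request
        for label, where in find_leaks(req.pretty_url, req.headers,
                                       req.get_text(strict=False)):
            logging.warning("%s sent to %s in %s", label, req.pretty_host, where)

addons = [LeakAudit()]   # picked up by `mitmdump -s leak_audit.py`

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("https://fonts.cdn.example/css?family=Roboto",
     {"Referer": "https://travel.example/booking/BK-73921/confirm"}, ""),
    ("https://analytics.example/collect?uid=jane%40example.org", {}, ""),
    ("https://api.travel.example/booking/BK-73921", {}, ""),
]

if __name__ == "__main__":
    for url, headers, body in SAMPLES:
        print(url, "->", find_leaks(url, headers, body))
```

Because `find_leaks` has no mitmproxy dependency, the same function can run in a test suite over recorded requests as well as live behind the proxy.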

Takeaways for the audience:
  • Common pitfalls while using third-parties and how apps end up accidentally leaking sensitive data.
  • How they can audit partners before implementing them in production.
  • How they can audit their own apps and bring in privacy checks as part of their software life cycle.

Konark Modi
