4 Ways to Identify Microservices Leaking Critical Data

The fastest growing problem in application security is data leakage. The adoption of microservices, combined with increasingly shorter development cycles, means that understanding how critical data flows into, within, and out of an application is more complex than ever. While microservice architectures have increased efficiency in innumerable ways, they can also silo developer knowledge such that understanding how every other service handles data, and what each service defines as sensitive, is incredibly difficult.

Hence, numerous examples of critical data leakages have lead to recent breaches:

• Uber - November 2017: 57 million records breached because developer credentials were accidentally leaked into GitHub
• Wag Labs - January 2018: On-demand dog walking service publicly leaked both customer’s addresses and lockbox key codes to their corporate website
• Mixpanel - February 2018: Exposed 25% of their customer’s credentials to potentially every system they’ve authenticated into while cookied  

Yet, despite the name, traditional Data Loss Prevention (DLP) approaches provide little help to developers. DLP solutions are focused on solving IT-centric problems generally initiated by users’ behavior. How can developers identify data leakages in the applications they build? And how can it be accomplished for every version of every microservice in every release? This webinar will cover:

• Why data leakage is increasing in its complexity
• How-to address underlying factors driving the challenge
• Traditional DLP approaches
• Web application firewalls
• Source code analysis
• Semantic graphing
• ShiftLeft overview & demo

Presenters of the Webinar

Chetan Conikee
Chetan Conikee
Etan Lightstone
Etan Lightstone