As an Advisory CISO – Global for Duo Security and founder of Liquidmatrix Security Digest, Dave Lewis understands only too well the risks posed by the web.
In his talk at Codemotion Berlin, The Se7en Deadly Sins Of Web Security, Dave discussed how not all websites take security as seriously as they should.
Greater security these days tends to lead to greater vigilance. So Dave’s views on security versus privacy were quite unexpected.
“I fully endorse both. I do not see them as working at odds with each other. There are governments who would seriously disagree with me on that particular point. But I’m very much a champion of protecting folks, making sure their privacy, their data is secure. I do not believe in giving unfettered access to data by third parties.”
Dave cited his own experience of seeing websites for financial services organisations that only permitted a four-character password, ones that would expose customer data with a simple trick.
He added that these are just some examples of the errors that can happen when deploying a site. In his talk, he provided examples of poor implementations, code errors and how security can be better deployed.