Unit 1-3 Discussion Summary

Yusuf
Written by Yusuf on
Unit 1-3 Discussion Summary

Creating proper data management should be an important matter in software development. In the 2017 top ten list, Sensitive Data Exposure (SDE) were included. Although it’s not on the list anymore, sensitive data issues are still happening in my home country Indonesia no matter who owns the application – governments, even modern start-ups.

There are several ways to mitigate this issue, even OWASP detailed a list of actions to prevent SDE from happening. I also received feedback from my peers on my initial post that address this issue. To summarize, the best way to prevent this issue, it’s all about putting attention to the problems and strategising about them.

One of my classmates, Ian Wollof, said to use a technology called row-level security, which will restrict access to sensitive data while keeping the non-sensitive data accessible. My other classmate, Yin Ping, suggested developers should differ queries for different users. On the other hand, my argument is to model the database into different layers (e.g. secured, public) and set up the read or write access properly.

From this discussion, I can conclude that no matter what, putting attention to data is the most important step. About how the strategy is, we can be creative about it, as we all know also there’s no one solution for all. We have to adjust according to our current situation. And it might be different from one place to another.

There are tons of services we can use nowadays. Amazon Macie from AWS, Cloud Data Loss Prevention, or OLS from Oracle is several examples of those tools.

It’s also important to mention that during user testing, cases to test should not only be about making sure the end-user features are working properly, but also security measurements testing.

Yusuf

Yusuf

My world spins around data and games. Currently helping an eSport team to sit on the SEA throne through data and a master student.

Comments

comments powered by Disqus

Explore more like this

ssd
SSD Reflection

SSD Reflection

As technology advances, there is a security trade-off along with it – that is new vulnerabilities (Scheneier, 2014). An article said that the rate of cybercrime is growing consistently with...

Yusuf Yusuf 30 May 2022
Final Project Evaluation

Final Project Evaluation

Our final product is different from our design proposal document. Several features that we committed earlier was deprioritized. Those features are Trust-based authorization and encrypt-decrypt based on user key. Trust-based...

Yusuf Yusuf 28 May 2022
Unit 8-10: Collaborative Discussion 2 Summary - TrueCrypt

Unit 8-10: Collaborative Discussion 2 Summary - TrueCrypt

From the report, we can see that there are vulnerabilities contained within TrueCrypt ranging from low to medium severity (Junestam & Guigo, 2014),. In addition, these issues are bugs rather...

Yusuf Yusuf 26 May 2022