Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
We Hack Purple Podcast - We Hack Purple Podcast Episode 73 with Amanda Crawley

We Hack Purple Podcast Episode 73 with Amanda Crawley

We Hack Purple Podcast

05/08/23 • 51 min

plus icon
bookmark
Share icon

In episode 73 of the We Hack Purple Podcast, host Tanya Janca talks to guest Amanda Crawley of 1Password! We talked about how developers need special tools to help them do their jobs, securely, then we chatted about several things that can help them, especially password managers! Developers are huge targets for malicious actors and Amanda shared TONS of ways devs can protect themselves, and their companies they work for:
• Keep everything up to date - phones, computers, routers, all software (apple just released an update to fix actively exploited vulnerabilities!)
• Use strong, unique passwords. Change passwords when:
◦ The respective service recommends a password change, or;
◦ The password has been shared with individuals who are no longer authorized to use the password, or;
◦ The password has been used for another service.
• Use encryption
• Follow your company’s security policies
• Don’t disable your operating system’s malware detection (Windows Defender, XProtect)
• Vet your third party libraries and dependencies, and then keep an eye on them to make informed decisions about updating
• Follow the principle of least privilege - people can’t be compromised for things they don’t have access to
• Consider non-SMS based 2FA (google authenticator, 1Password, yubikey), but any MFA is better than none
◦ Something you know (pin, password)
◦ Something you have (token, hardware key)
◦ Something you are (biometrics)
• Don’t store user data locally (if you need it, delete immediately after you’re done with it)
Things you can do today!
• Audit connected oauth apps (to social media platforms, github, etc)
• Delete old accounts
• Check haveibeenpwned.com
• Check your router for firmware updates (I did this yesterday)
Developer hack examples
https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html
https://www.upguard.com/blog/what-caused-the-uber-data-breach
https://en.wikipedia.org/wiki/2017_Equifax_data_breach
https://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/
https://www.synopsys.com/blogs/software-security/heartbleed-bug/
Links From Amanda:
· https://1password.com/developers
· https://1password.com/developer/student
· https://education.github.com/pack
· https://hashnode.com/hackathons/1password
Very special thanks to our sponsor: Women’s Society of Cyberjutsu!
Women’s Society of Cyberjutsu are hosting CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards on June 24, 2023!!! The con Con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting
Opportunities, Celebration, and more. Participants will walk away with hands-on knowledge that can be applied immediately on the job. You can check out the event here:

05/08/23 • 51 min

plus icon
bookmark
Share icon

Generate a badge

Get a badge for your website that links back to this episode

Select type & size
Open dropdown icon
share badge image

<a href="https://goodpods.com/podcasts/we-hack-purple-podcast-273079/we-hack-purple-podcast-episode-73-with-amanda-crawley-33009545"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to we hack purple podcast episode 73 with amanda crawley on goodpods" style="width: 225px" /> </a>

Copy