Women Who Code Cybersecurity Speakers Session at Ground Labs


22/07/2019

The Cybersecurity Speakers Session, organized by the Singapore chapter of Women Who Code (WWCode), took place on 9th July 2019 at Ground Labs’ Singapore office. The event offered a chance to hear from influential speakers on the subject of cybersecurity, privacy and personal data protection in today’s digital world. 

Choong Yue Lin – Director of Women Who Code Singapore Network – kicked off the event by introducing WWCode, a global non-profit organization with a mission to inspire women to excel in technology careers. WWCode has a special hashtag, #ApplaudHer, used to celebrate and acknowledge professional accomplishments of WWCode members. Yue Lin thanked Ground Labs for their support and invited Steve Cavey – Co-Founder of Ground Labs – to say a few words. Steve welcomed all guests and said it was an honor to host the event, praising WWCode as an “awesome movement”. Steve shared that Singapore was “Ground 0 where all the magic happens” as the bulk of the engineering team was currently based in Singapore, and encouraged guests to approach the team if they wished to learn more about Ground Labs. 

Magda Chelly, Ph.D – Managing Director at Responsible Cyber Pte. Ltd., CyberFeminist 

Magda’s session was titled “Why Cybersecurity Matters to Developers?”. Magda asked the fifty-strong crowd a question: What does Cloud mean? “A computer or a server connected to someone else’s network” was a suggestion given. Magda prompted the audience to question who they trusted the most, and whether a third party’s computer or server could be trusted to ensure the security and privacy of their digital assets. “It might be”, she stated. However, cloud security is a shared responsibility model, where the user also needs to understand their own responsibilities.

Magda pointed out that Privacy and Security By Design (PSBD) needs to be embedded throughout the software development cycle. She stressed the importance of the three pillars of Cybersecurity: People, Process and Technology, which need to be addressed for an efficient cyber strategy. She explained the importance of getting the fundamentals of Cybersecurity right, starting with secure coding practices from developers. Magda described the Open Web Application Security Project (OWASP) Top 10 security controls as practicing basic hygiene, which did not constitute sufficient security measures. Additional security vulnerabilities that an application might be exposed to (e.g. user access privilege escalations) meant that developers also needed to understand the business logic and data flows of the application itself in order to spot potential vulnerabilities that could be exploited by hackers and cybercriminals. Magda reiterated the need to have the right fundamentals to code an application that was resilient to attacks, to ensure the confidentiality, integrity, and availability of data. She also described the importance of external testing, or penetration testing, before launching an application into production.

Before ending her session, Magda encouraged all the ladies in the audience to sign up for the Capture-The-Flag (CTF) for Girls event in Singapore, the very first hackathon for girls in Singapore.

Magda’s website: https://www.linkedin.com/in/m49d4ch3lly/ 

Ben Dechrai – Technologist, Developer Evangelist at Auth0 Inc.

Ben, a supporter of the WWCode movement, had flown in from Australia to be part of the event. His session, titled “Beyond Default CMS Logins”, comprised a live demo using the Auth0 plugin to ramp up the security of WordPress, where security has traditionally been a challenge, particularly when multiple WordPress plugins are used. A common problem for developers was achieving single sign-on and multi-factor authentication flows while meeting password complexity requirements in a short turnaround time. Using an authorization platform such as Auth0, different authentication flows could be configured easily within Auth0 without a single line of code change from developers, allowing developers to focus on making the (company’s) product better. Ben demonstrated how to use the Auth0 Management API to set up the Auth0 API as the identity manager for an application.

Ben’s website: https://bendechrai.com/

Alice Ou – Senior Software Development Engineer at Ground Labs Pte. Ltd.

It was fitting that Alice talked about “Personal Data Protection in Today’s World”. Alice shared a staggering statistic: more than 14 billion data records have been breached since 2013, with only 4% of those incidents being Secure Breaches where data was encrypted. Data security breaches can have an extreme negative impact on individuals, including life-threatening situations if an individual’s health data is manipulated. Lack of data protection measures also impacts an organization’s reputation, as demonstrated when an American credit rating agency downgraded a well-known publicly listed data analytics and technology company from a stable to a negative rating outlook due to the company’s cybersecurity issues. Alice noted that data security issues were so critical today that governments across the globe have started enforcing data protection legislation (e.g. GDPR, CCPA, PDPA) to ensure organizations better protect customers’ data privacy and security.

Alice discussed the most common causes of data breaches, with hacking, malware, and physical attacks identified as the top three causes. To avoid physical attacks, Alice’s advice was to be vigilant, strengthen your body with regular exercise, and to run away as fast as you can! Alice recommended that fellow developers adopt secure coding practices, including heeding compiler warnings instead of disabling them, performing code reviews, and applying the principle of least privilege. Alice closed with an image of a car park barrier in the middle of the street, with snow marks revealing how cars just drove around the barrier to avoid hitting it. The image nailed the point of Alice’s sharing: it is essential to implement truly secure systems with security measures that cannot be circumvented by users, instead of using a system that appears secure but contains vulnerabilities that can be easily exploited.

It was a great sharing session which would not have been possible without the dedicated organizers at WWCode, and the hospitality of Ground Labs, who also provided tasty refreshments for the event. Sarah Qin, a System Analyst, said the session was very informative. Deborah Cai, a DevOps Engineer, shared that it was an interesting session and looked forward to similar events in the future.

A quick video of the event highlights is available on YouTube.



Ground Labs is a sensitive data discovery software company with a mission to help companies of all sizes avoid being the next data breach news headline.

Author: Anne Chew
