Level: Low Tech

Everybody’s focus is on the security of PaaS services (such as AWS), but are we paying enough attention to the security of data in our SaaS applications?

We believe that the security of third-party integrations is an underestimated point of risk, given the general belief that vendors will take care of their applications’ security. However, the new world of interconnected SaaS applications creates new risks which have not yet been examined in sufficient detail. Even though your primary vendor may be secure, what if your data is leaked to vendors which are insecure or malicious? With the use of custom interconnectivity methods and limited protocols such as OAUTH2, the permissions of integrations are often questionable and hard to understand.

Do you use Jira? Slack? Have you looked at webhooks? Do you have unknown Google Integrations? Do you understand the permissions these apps can use?

These are just a few ways how apps may be unknowingly leaking your data to third parties. This talk will be focused on highlighting some of the lesser known ways to check if your SaaS application is leaking your data and also provide mitigation strategies to reduce these risks.

Want to know more? Then this talk is for you!

Boris Sieklik is a Senior Director of Information security at MongoDB and a strong believer in cybersecurity being a business enabler. He has more than 10 years of experience in cybersecurity leadership roles across different industries including Finance, Anti-malware and Tech and companies. Previously, he published a new DDoS amplification attack which was covered in international media. He holds a number of certifications including OSCP, CeH and others. Additionally, Boris holds a MSc with Distinction in Advanced Security and Digital Forensics from Edinburgh Napier University and First Class BSc. in Computer Networks from Middlesex University London.


[Slides (PDF)] [Recording (MP4)]

Comments are closed.