Week 1: Lab Attack Simulation
Choice made | Why |
---|---|
I choose to use a 3rd party pentester to try to find any vulnerabilities with the application. | This wouldn't delay the launch of the app as much as working on it internally. If they leak any sensitive information we can sue them if they break contract. |
I choose to pick the middle-priced solution which was a 3rd party team that was recommended by an internal employee. | They have a good reputation and were vouched for by an internal employee. It doesn't cost too much either. |
Use internal Active Directory to enforce strict access policies. | This prevents unwanted access from non-authorized employees. It is also the cheapest option. |
I choose to encrypt my intellectual property because IP can be one of the most valuable things a company has. | In the case of an attack the attacker would be able to only steal our encrypted data. |
I choose to invest in breach technology. | This means we can see and respond to a breach in data as soon as possible. |
I choose to let the journalist test the app in a controlled environment. | This gives us the press coverage we need for the app but also limits what the journalist can do in the app. |
I choose to refuse to let the journalist test the application outside of the company environment. | This is to reduce any risk of unwanted individuals finding day one exploits of my application. |
Use the breach detection software. | We paid for it so we are gonna use it. |
We deployed our app with no security issues!!!!! |