From the course: Threat Modeling: Information Disclosure in Depth

Metadata management

- [Instructor] The simplest defense is to not store metadata. If you have to have metadata, hide it where it won't be seen. A folder called Client 1 is less interesting than a folder called Blackmail Photos. If you're working on a search feature that works over many accounts, you need to think carefully about the use of non-public data for searching. For example, if I enter your phone number or email, do I get your profile? Do I get a list of your contacts? Do I get a list of people who have you in their contacts? I've been surprised to see doctors and lawyers who I'm working with start showing up in my social media feeds unexpectedly. Starting with phone numbers, test with random ones, that of a suicide prevention hotline, and your own. What's that, you're worried about what comes up with your phone number? Good, fix the problem, not the test case. There is an important variant here, which is what we might call…
