InfoSec is a lot more fun when it's like a spy thriller. Defending apps from attackers and creating security measures to prevent attacks is pretty much on par with some of our favorite blockbusters. But which came first? Did our favorite movies borrow from InfoSec, or did we get these ideas from the movies? Either way...
Here are our top 7 movies that have great InfoSec practices.
1) Encrypt sensitive disks: Johnny Mnemonic had to find the key to unlock the data in his head before it ate his brain.
2) Alert on app errors: In Conspiracy Theory, Jerry Fletcher balances a bottle on the door knob to alert him to intruders testing whether it's locked.
3) Deploy good monitoring and alerting: Kevin McCallister did it best in Home Alone when he set up triggers around the doors and windows, wherever it's easy to get in. In the InfoSec world, PagerDuty and Datadog would be a great place to start.
4) Run periodic internal and external port scans and pen tests: The best hackers will always find a way in unless your Blue Team is as thorough as Danny Ocean in Ocean's 11.
5) Test access revocation and internal password rotation: Speaking of changing passwords, better to be safe than sorry by testing your user access revocation process. You definitely don't want to run into a user that looks legit but is really malicious like this awkward run-in from Oblivion.
6) Run your app(s) as an unprivileged user: A great sleight-of-hand trick for any AppSec aficionado. Your attacker thinks they've got the run of your box because they've got access to your app, but it's really a trap like in Now You See Me 2. They thought they were escaping into their getaway car but ended up captured and in China. The easiest way to get this done on your app is to write a start script which de-escalates privileges before handing control to the app, and tada!
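Here's what that start script can look like, as an added example (not from the original post or any particular project). It assumes the script is launched as root, drops to the target user in the right order (supplementary groups, then group, then user), proves the drop stuck, and only then execs the real app; the user name and app command line are placeholders.

```python
"""Start script: drop root, verify it, then exec the real app."""
import os
import pwd
import sys


def resolve(user: str) -> tuple[int, int]:
    """Look up the uid and primary gid for a user name."""
    entry = pwd.getpwnam(user)
    return entry.pw_uid, entry.pw_gid


def drop_privileges(uid: int, gid: int) -> bool:
    """Irreversibly switch to uid/gid.

    Returns True when privileges were dropped, False when the process was
    not root (nothing to drop). Raises if the drop did not stick.
    """
    if os.geteuid() != 0:
        return False
    os.setgroups([])   # supplementary groups first; needs root to change
    os.setgid(gid)     # group before user: after setuid we could not change it
    os.setuid(uid)     # real, effective and saved uid all change (we are root)
    if not running_unprivileged():
        raise RuntimeError("privilege drop did not stick")
    return True


def running_unprivileged() -> bool:
    """True only if we are not root AND cannot get root back via setuid(0)."""
    if os.geteuid() == 0:
        return False
    try:
        os.setuid(0)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Placeholders: the service account and the app's command line.
    app_uid, app_gid = resolve("appuser")
    argv = ["/opt/myapp/bin/server", "--config", "/etc/myapp.conf"]
    if not drop_privileges(app_uid, app_gid):
        sys.exit("start script must be launched as root to drop privileges")
    # Open file descriptors and environment survive exec: close what the
    # app should not inherit before this point.
    os.execvp(argv[0], argv)
```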
7) Finally, never authenticate with your body: Ok, so maybe they didn't get this right, but it's good advice. You never want to give someone a reason to cut out your eyeball like in Minority Report. Ouch, just ouch.