Working on an application that deals with FinTech, MedTech, or other kinds of sensitive PII (personally identifiable information) requires close attention to security. There are different kinds of threats: the risk of internal data leakage, the risk of infrastructure hacking, the risk of vulnerabilities inside the app, etc. This becomes even more complicated if development or QA is outsourced.
In this talk I will cover the following topics:
— Protecting PII using data obfuscation during development and QA.
— Secure alternatives for storing the credentials in the config files or environment variables.
— Various techniques of encrypting data inside your app.