LinkedIn is among the world’s most popular social networking platforms with over 300 million members. With all those members, there is a whole lot of personal data and many reasons why attackers might see LinkedIn as an attractive target. Protecting LinkedIn and its members is the job of Cory Scott, director of information security at LinkedIn, and his team, and it’s a job that involves integrating security throughout the LinkedIn platform.
In a video interview with eWEEK, Scott details the process and some of the security technologies used by LinkedIn.
“It’s not our data; it’s our members’ data and we always evaluate products through that lens,” Scott said.
Scott explained that it’s important that members who have a legitimate need get access to data, while at the same time making sure that data is not scraped wholesale. LinkedIn also supports multiple forms of access control, including two-factor authentication (2FA), to help further protect user accounts. Going a step further, Scott commented that if LinkedIn notices that a member’s credentials have shown up somewhere on the Internet in a password dump, LinkedIn will proactively reset the user’s password.
From a platform perspective, Scott said that LinkedIn’s security staff has the concept of “office hours” where product groups can come to his team with questions or concerns. Additionally, LinkedIn products go through a security evaluation as part of the production deployment process.
In an effort to further help its developers, LinkedIn also has taken some proactive steps to improve Web security. One of those steps is found in LinkedIn’s site template.
“Our template language for LinkedIn automatically escapes all active content to prevent cross-site scripting [CSS] vulnerabilities,” Scott said. “So the developers don’t have to worry about that.”
Watch the full video interview with Cory Scott below:
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.