“Do button suraksha ke: windows + L. Nadaan mat ban, button daba.”
“Check your cannon before a battle, it could backfire; so could a network”
“I 5ha!! u53 $Trong p@5sw0rdz!”
These are some witty poster lines conceived by different teams at MakeMyTrip during the recently concluded security awareness week, right after our first ever Hackathon. Apart from being India’s largest online travel company, MakeMyTrip has also carved a niche for itself when it comes to being a tech savvy E-commerce company. After days of ideation and garnering commitments from HR, the Leadership-Team members and some reputed internal and external speakers, we decided to put into motion some amazing security related ideas and concepts. The Content and Design teams deserve a special mention for cracking a logo which was - let’s say – AWeSOM!
Yes, the event was (christened) AWeSOM (Awareness Week On Security, Online & Mobile). It was held from 30th April to 4th May 2012 in Tripper’s Villa, Gurgaon. While the week is over, the extraordinary participation from the super innovative folks made it a memorable and hugely successful one.
AWeSOM began with changing the wallpaper of every computer of MakeMyTrip on a Monday morning. The witty and popular ‘security lakshman-rekha’ wallpaper was actually a poster made by Rohan Verma (from the UI team). Poster making competition, the first event of AWeSOM was surprisingly popular with over 16 posters, enough to decorate our display wall and cafeteria!
Day 1 kick-started with the session from Marc Bown (SpiderLabs). Marc spoke on ‘2012: Global threats and trends’, an engaging hour long session attended by participants over Web-ex. This was followed by a super-interactive session by Amit Somani on Privacy & Security.
The subsequent days saw a spree of really insightful and knowledgeable sessions touching areas like Social Hacks, New Wave Hacking Techniques(APT), top 10 OWASP vulnerabilities of most widely used web applications, payment related security, Design & Security (delivered by our UI Head, Dushyant, quite rightly, on Prezi), mobile security and the social media policy of MakeMyTrip. The best part of almost all these sessions was that they were as comprehendible to a techie as to a design, product or marketing guy.
There was an exclusive two-day long certification workshop on Java/J2EE & .NET secure code development that was attended by 48 developers. There were participants galore in this workshop and each participant received a certificate in recognition of his/her efforts.
Another first-time event was a hybrid ‘Capture the Flag’ where Trippers from all departments a) found and b) fixed bugs/improvement areas across the website and mobile apps of MakeMyTrip.
Friday was the grand finale of AWeSOM, a Panel Discussion on the topic: Personalisation & Privacy. The speakers in this 45-minute session were members from the L-team, Marketing, Product and Technology. We all heard them hashing out subjects like privacy, smart phones, call centre, vendor contracts, P3P Policy, customer data and personalisation of site and apps. This last session of AWeSOM was surely the most powerful and action-packed one.
Some more salient features of the week included real ethical hacks on our online products (yes we do that here!), a daily quiz competition and free passes of Super Fight League which were given to winners and participants across various categories.
On a thoughtful note, the effectiveness, participation and practicability of AWeSOM is cajoling us to do such security focused awareness events more frequently, with random awareness sessions in various avatars. After all, it’s better to be dead sure than sure dead!