How Do You Protect Yourself From Developer Penetration?

In my post about wanting a professional hacker (which I now know to be a process called penetration testing), @Dave pointed out that often the issue isn’t about your site being targeted, but your own storage of information about the site - passwords, auth keys, .pem files etc.

So I’m curious to know what lengths you go to and what techniques you use to protect those things, while at the same time not losing them if you have a device go down.

I was referring to the larger organisations out there as an example of how it is sometimes easier to go after the teams of engineers and gain access to the core of the project. For us small time developers it would be unusual to be targeted in such a manner. But then again if you have something that interferes with an established business and is valuable you could also become a target. Social Engineering is the most successful type of attack in this circumstance. It is far easier to target a human than to target a corporate network. It’s not difficult to find individuals involved in large projects or teams. If the requirement is such, they will be monitored. Where they go for lunch. What type of woman they like, the clubs they attend, where they live, what car they drive. This is a costly route to source but for some money is not an issue when it comes to business and threats that could harm that business.

Connection details and keys should always be secured. Use development areas to stage projects before deployment. Any confidential information should be stored safely. If it is so important you probably shouldn’t have it on your work box. Maybe an air gap set-up whereby you have a single machine offline with no wi-fi or network connectivity… Then transport the data by USB from one to another system. You could go so far as to become ridiculously paranoid about all this but for most of us it is a far off concern.

So many factors Antony. I really don’t want to scaremonger, as these types of attack are rare enough that they are not really a threat to the average Joe Bloggs stay-at-home coder…

Too much shared information on forums, Stack Overflow, Social Media… Great material to build the basis for an attack. More often than not it’s all too common to find quite critical details in this way. Think about Silk Road and how that all came crashing down (a simple email on a forum led back to DPR). Similar situations often arise. The information is already out there in some circumstances. You just have to be persistent in locating it. In essence never share too much nor ask questions that can lead back to you and your assets or reveal too much of its inner workings, structure, and deployment.

1 Like

I like that idea, Dave.

If successful with my app, I probably will rattle the cages of some big players in a few years time… so I’m keen to have all the right procedures in place from the start! :slight_smile:

Work locally until the project is complete and then deploy. Monitor and record all your core file sizes, then regularly scan for any changes. Know your code. Clean up after yourself. Don’t upload test files or incomplete code. Do this all locally. If it is in development keep it in development and don’t upload it until it is out of development. Don’t just grab every library that makes things easy. Investigate them, research them to locate any possible issues before simply deploying them with little knowledge other than knowing it does what you want. Protect the database! This is obviously where all your information is and should be secure. Even the best of the best make mistakes, often very simple yet with massive consequences. And learn about what you are trying to protect against! Learn how to read log files, where they are located, what details they record. All basic stuff for system administrators. Not usually something a designer/developer has to think about, but when you are the team, you undertake all the roles, and it then becomes your responsibility.

1 Like
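The “record your core file sizes, then regularly scan for changes” advice above, worked through as an added example (not code from the thread or its posters). It records a SHA-256 hash alongside the size, which goes a step beyond the post: a same-length edit keeps the size unchanged but not the hash. The ignored directory names and the constructed PHP files in the demo are assumptions.

```python
import hashlib
import os
import tempfile

# Directories skipped during the walk (assumption: tune for your project).
IGNORE_DIRS = {".git", "node_modules", "__pycache__"}

def file_fingerprint(path):
    """Return (size, sha256 hex) for one file, read in 64 KiB chunks."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()

def snapshot(root):
    """Map every file under root (relative POSIX path) to its fingerprint."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in IGNORE_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            size, sha = file_fingerprint(full)
            snap[rel] = {"size": size, "sha256": sha}
    return snap

def diff_snapshots(baseline, current):
    """Report files added, removed, or changed since the baseline was taken."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}

def _write(root, name, text):
    with open(os.path.join(root, name), "w") as f:
        f.write(text)

def demo():
    """Constructed scenario: baseline a small tree, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "config.php", "<?php $debug = 0;")
        _write(root, "index.php", "<?php echo 'ok';")
        baseline = snapshot(root)
        # Same-length edit: a size-only check misses it, the hash does not.
        _write(root, "config.php", "<?php $debug = 1;")
        _write(root, "test_upload.php", "<?php echo 'test';")  # stray test file
        return diff_snapshots(baseline, snapshot(root))
```

In practice you would save `snapshot()` output as JSON once the site is deployed and run `diff_snapshots()` against it from a scheduled job, treating any unexpected entry as something to investigate.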

An example of a tool we would employ, just one tool in a big toolbox, just to give you a small idea…

Then you have an OS like Kali Linux with a multitude of tools including the Metasploit project. Maybe a good place to start with the many auditing tools contained within Kali…?

https://www.kali.org/

1 Like

Hahahah and finally:

Sort of sums it up really!

:smiley:

3 Likes

I still can’t understand why they didn’t continue producing it. What a loss!

Also…WTF with the title of this topic??? :joy:

3 Likes

Hahahahaha man when I used to discuss my job with people outside of the industry the looks I got when I said I worked as a Penetration Tester were priceless! :smiley:

Well, sad they stopped making it. So many story-lines could be created with such an awesome cast. The fridge incident is among my most favored though. The lengths a hacker will go to satisfy the mind and self is absurd, including using a cluster to brute force a fridge. I’ve known people to get so obsessed they would do the same as Gilfoyle!

3 Likes

It’s so good that I know I will see it again one day. It’s a shame indeed. One of my favorite scenes was when they were going to pivot and Jared surveyed people outside the convention place.

1 Like