Off Script

Episode 08: Web application security


Today, Off Script hosts Josh and James discuss all things web application security. Getting it right matters more every year: more cyber attacks, more ransomware attacks. They cover good application hygiene and the common pitfalls they see people fall into. A big data breach can cost you your customers' trust, so it is essential to run a tight ship on security.

Basic security maintenance is essential, but what else can companies and individuals do to keep their web applications secure at a time when high-value bug bounties are being offered for finding vulnerabilities?

  • Bug bounties: the positives, negatives and relevance to agencies of different sizes
  • The use of bots to find MongoDB vulnerabilities
  • Encrypted vaults
  • The Slack issue
  • How hard is it to put secure processes in place from the start?
  • Canary and environment variables
  • If you’re a security researcher, what do you do with responsible disclosure?
  • The fine line between helping the hackers and helping the community
  • What makes a good, secure app?
  • Package managers
  • Modern libraries making it obvious when you are doing a bad thing
  • Open pull requests
  • Get your house in order with OWASP
  • Frameworks and the early standards they set with password management and security hygiene
  • Importance of rotating keys
  • Human interfaces and the flaws surrounding them
  • What can we learn from Twelve-Factor?
  • GitHub Workspaces and recreatable environments
  • The issues of convenience
  • Macs vs dev accessibility and Windows catching up
  • GitHub and Atom
  • Good, automated test suites
  • How to have a good view on what makes a good security test
  • Falling into the trap of feeling productive
  • Sitting down with the team to discuss testing value and priorities
  • The creativity of SQL injection
  • Reinventing the wheel
  • Dangers of writing your own encryption tool, and the importance of bringing in an external security company
  • Resources:

    • GitHub Security Bug Bounty
    • Snyk
    • Yarn
    • The Open Web Application Security Project
    • Twelve-Factor
    • Hyper
    • Find out more about Stac and Parallax:

      • Stac
      • Parallax
Off Script, by Hey! Presents