Security Journey's hi/5

Exact Dependencies, Insecure Design, How To Learn Stuff Quickly and more

How to Learn Stuff Quickly: https://www.joshwcomeau.com/blog/how-...
Learning how to learn is a crucial skill for security professionals and developers alike.

Never Update Anything: https://blog.kronis.dev/articles/neve...
"In my eyes, it could be pretty nice to have a framework version that's supported for 10-20 years and is so stable that it can be used with little to no changes for the entire expected lifetime of a system."

Bridges fall down due to insecure design - make sure your web applications don't: https://www.securityjourney.com/post/...
The same principle applies to web applications, which is why Insecure Design is the new #4 on the OWASP Top 10 2021 list.

Pin exact dependency versions: https://betterdev.blog/pin-exact-depe...
Use a dependency manager that creates a lock file, and commit that lock file to the repository. Even then, pin your dependencies: explicitly specify their exact versions rather than a range.
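One way to enforce that advice in CI is to audit the dependency file itself. The script below is an added example (not code from the linked post) for a Python requirements.txt: it joins backslash-continued lines, skips comments and pip options, and flags every requirement that has no version, uses a range or wildcard instead of an exact `==` pin, or carries no `--hash=` entry. The sample requirements text and its digests are constructed placeholders for illustration, not real package hashes.

```python
"""Audit a requirements.txt for dependencies that are not pinned to an exact
version or that carry no --hash.  Added example; not code from the linked post."""
import re

# Constructed sample input; the sha256 digest is a placeholder, not a real hash.
SAMPLE_REQUIREMENTS = """\
# constructed sample; digests are placeholders, not real package hashes
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
flask>=2.0,<3
pyyaml
cryptography~=41.0
django==4.*
urllib3==2.0.7
"""

# name, optional [extras], then whatever specifier follows (may be empty)
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?(.*)$")
# an exact pin: "==" followed by a version with no wildcard
EXACT_RE = re.compile(r"^==\s*[A-Za-z0-9.!+-]+$")


def logical_lines(text):
    """Join backslash-continued lines; drop blanks, comments and pip options.

    Note: a bare '#' anywhere is treated as a comment start, so URL fragments
    such as '#egg=' would be clipped; fine for a pinned-version audit."""
    joined, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        # lines starting with '-' are options like '-r base.txt' or '--index-url'
        if buf.strip() and not buf.lstrip().startswith("-"):
            joined.append(buf.strip())
        buf = ""
    return joined


def audit_requirements(text):
    """Return one dict per requirement: name, specifier and a list of issues."""
    findings = []
    for entry in logical_lines(text):
        tokens = entry.split()
        # per-requirement options (--hash=...) start at the first '--' token
        opt_idx = next((i for i, t in enumerate(tokens) if t.startswith("--")), len(tokens))
        # drop any environment marker (";...") and whitespace inside the specifier
        req = " ".join(tokens[:opt_idx]).split(";", 1)[0].replace(" ", "")
        opts = tokens[opt_idx:]
        m = REQ_RE.match(req)
        if not m:
            findings.append({"name": req, "spec": "", "issues": ["unparsable requirement"]})
            continue
        name, spec = m.group(1), m.group(3).strip()
        issues = []
        if not spec:
            issues.append("no version at all")
        elif not EXACT_RE.match(spec):
            issues.append("not pinned to an exact version")
        if not any(o.startswith("--hash=") for o in opts):
            issues.append("no --hash (content not verified)")
        findings.append({"name": name, "spec": spec, "issues": issues})
    return findings


def unpinned_names(findings):
    """Names of requirements with at least one issue, for a CI gate."""
    return [f["name"] for f in findings if f["issues"]]


if __name__ == "__main__":
    report = audit_requirements(SAMPLE_REQUIREMENTS)
    for f in report:
        status = "OK" if not f["issues"] else "; ".join(f["issues"])
        print(f"{f['name']:<14}{f['spec'] or '(none)':<12}{status}")
    raise SystemExit(1 if unpinned_names(report) else 0)
```

In the sample only `requests` passes both checks; `urllib3` is exactly pinned but unhashed, and the other four use no version, a range, a compatible-release operator, or a wildcard. Exiting non-zero from the `__main__` block lets the script act as a merge gate; the `--hash` check is the stricter half, since an exact version only names the artifact while a hash verifies its content.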

Financial services need to prioritize API security to protect their customers: https://www.helpnetsecurity.com/2021/...
Given this growing trend, Knight focused her vulnerability research on financial services and FinTech companies and was able to access 55 banks through their APIs, giving her the ability to change customers' PIN codes and move money in and out of customers' accounts.

By Security Journey