Hello from the internet!

In this episode we go retro and look at the origins of JavaScript and how we it has become so ubiquitous in the development of the web

Enjoy the episode!

Hello from the internet!

In this episode, we continue our walk in the badlands of development as we review the seemingly impossible task of securing our applications.

Enjoy the episode!

Hello from the internet!

In this episode we will be talking to a very special guest! Steve Streeting! If you are into source control, this episode is for you.

Enjoy the episode!

Hello from the Internet

In this we count down the OWASP TOP 10 and explore the implications of each of the issues that we should be looking at in securing our applications.

Enjoy the show!

## Show Notes

- [OWASP](https://www.owasp.org/index.php/Main_Page)

- [OWASP TOP 10 for 2017](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf)

### 10. Logs

- Insufficient Logging and Monitoring - https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring

- Graylog - https://www.graylog.org/

- Logstash (ELK) - https://www.elastic.co/elk-stack

### 09. Components

- https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities

- Safety - Python - https://pyup.io/safety/

- Ruby - http://guides.rubygems.org/security/

- Node - Node Security - https://github.com/nodesecurity/nsp

### 08. Deserialization

- https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization

### 07. XSS

- https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)

### 06. Security Misconfiguration

- https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration

- How to harden a Linux server:

- https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf

- https://medium.com/viithiisys/10-steps-to-secure-linux-server-for-production-environment-a135109a57c5

- https://www.cyberciti.biz/tips/linux-security.html

### 05. Broken Access Control

- https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control

- Firesheep - https://codebutler.com/projects/firesheep/

### 04. XML External Entities

- https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)

- Billion Laughs Attack - https://en.wikipedia.org/wiki/Billion_laughs_attack

### 03. Sensitive Data Exposure

- https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure

- PCI DSS - https://www.pcisecuritystandards.org/pci_security/

- GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

- Password Hashing - https://crackstation.net/hashing-security.htm

- Best practice for SSL + TLS

- https://www.ssllabs.com/ssltest/

- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

- Let’s Encrypt - https://letsencrypt.org/

- CipherList - Strong config for Apache / Nginx https://cipherli.st/

### 02. Broken Authentication

- https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication

- Horse staple - https://xkcd.com/936/

- NIST - https://www.passwordping.com/surprising-new-password-guidelines-nist/

- Rainbow tables - http://project-rainbowcrack.com/table.htm

- Google 2FA

- Authy - https://authy.com/

- Duo - https://duo.com/

### 01. Injection

- https://www.owasp.org/index.php/Top_10-2017_A1-Injection

- Bobby Tables - https://xkcd.com/327/

- Misc

- Nessus - https://www.tenable.com/products/nessus/nessus-professional

- OpenVas - http://www.openvas.org/

- ZED Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

- zxcvbn: realistic password strength estimation - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/

- Be afraid, be very afraid - https://attack.mitre.org/wiki/Main_Page

Hello from the internet

In this develop episode we have the pleasure of talking with Docker Captain Bret Fisher and with Grant Shepert about Docker, how it is used and the upcoming MuraCon Conference!

Enjoy the show!

Hello from the internet!

In this episode Rob and Mark discuss the use of Version Control and where it comes from, what are the best tactics and where we are going with it!

Enjoy the show!

Hello from the internet!

In this episode Rob and Mark explore the vast landscape of the "noSQL" category of software. Not Only SQL might not be the best name but we try to get a better handle on what it is.

Enjoy the show!

Hello from the internet!

In this episode Rob and Mark take a brief look back at Season 1 and what we managed to cover. We then take a sneak peek into what we will be talking about in this year's Season 2

Give us feedback on http://bit.ly/localhostfeedback

Hello from the Internet!

In this episode we explore the idea of the "twelve factor application" which allow you to deploy scalabale applications or software as a service type systems.

Hello from the Internet!

In this episode we discuss and explore the technical debt that can get stored in our projects.

We go over what technical debt is, how it happens, and what we can do to mitigate it!