Posts marked with “security”

The Art of Data

by · December 2, 2021

0
 

This month, we dive into Libsodium, discuss gatekeeping, learn more about data access, and why even something that might be considered a “small bug” can cause massive damage. I’m not sure how many people read these Editorials. It’s even been explained to me that this isn’t an “Editorial.” Ha, the joke’s on them; I’m not […]

 

Interview with Vinícius Campitelli

by · November 26, 2021

0
 

Eric Van Johnson and John Congdon interview feature contributor Vinícius Campitelli about his article Cryptography with Libsodium. According to the just-released 2021 version of OWASP Top 10 (a curated list of the most critical web application security risks out there), “Cryptographic Failures” are the 2nd most important of the many security concerns we should have […]

 

The Art of Data

by · November 11, 2021

0
 

This month, we dive into Libsodium, discuss gatekeeping, learn more about data access, and why even something that might be considered a “small bug” can cause massive damage.

 

Security Corner: No Bug Too Small

by ·

0
 

Every bug report, even the innocuous-looking ones, could be evidence of a fatal flaw in your application. You owe it to yourself and your customers to vet and audit any report, even if it lacks proof-of-concept, exploits code, or feels like an extremely hypothetical edge case. by Eric Mann

 

Cryptography with Libsodium

by ·

0
 

According to the just-released 2021 version of OWASP Top 10 (a curated list of the most critical web application security risks out there), “Cryptographic Failures” are the 2nd most important of the many security concerns we should have as web developers. These concerns include a lot of misuses of cryptographic systems, like choosing weak algorithms, […]

 

Security Corner: Updating the OWASP Top Ten

by · October 20, 2021

0
 

The Open Web Application Security Project (OWASP) is a non-profit that focuses on web security research, training, and documentation to help developers make the world a safer place. They regularly collate application security risks seen in the wild and publish a list of the most frequently encountered issues. This list, the OWASP Top Ten, is […]

 

Security Corner: The Pit of Success

by · September 11, 2021

0
 

Security is often difficult to get right, even for those who are experts in the field. Mistakes are easy to make and result in our users falling into a pit. All developers should practice a stance of “security by default.” Doing so means ensuring that any mistakes land users in a pit of success rather […]

 

Security Corner: Multifactor Authentication

by · August 14, 2021

0
 

A modern security best practice is to both implement and require a form of authentication beyond a simple password. This practice is known as “multifactor” authentication, as users will have a primary factor—their password—and a secondary factor to successfully authenticate to an application. Proper implementation of a multifactor authentication scheme keeps your application and its users safe and secure by […]

 

Security Corner: Evaluating Password Strength

by · July 14, 2021

0
 

An application is only as strong as the authentication systems used to gate entry and protect the data it contains. So long as your users leverage passwords, the weakest link in your security stance is the strength of those passwords. This month we take a deeper look at the strength of passwords and guidance to keep your users’ data […]

 

Education Station: Approaches to API Security

by · June 10, 2021

0
 

The last few months have been a whirlwind of API work. If you’ve been following along, you have a solid grasp of the history of APIs, tools to help design your APIs, and a good lump of tips on how to turn that API design into reality. But, for the sake of space, I left […]