Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
A tartalmat a Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
Hasonló a(z) Three Devs and a Maybe sorozathoz
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
A podcast about web design and development.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Podcast alkalmazás
Lépjen offline állapotba az Player FM alkalmazással!
Lépjen offline állapotba az Player FM alkalmazással!
))
141: Web Application Security, Part 2 with Scott Arciszewski
Manage episode 214305873 series 2410493
A tartalmat a Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
In this weeks episode we continue our discussion with Scott Arciszewski about all things Security and Cryptography. We start off the show by highlighting what a SQL injection attack is and the differences between (emulated) prepared statements. This leads us on to look into how to securely handle file uploads, what a reverse shell is and how to defend yourself against XSS/CSRF attacks. From here we touch upon the recent inclusion of libsodium into PHP, why mcrypt should be avoided, and the side-channel vulnerabilities that brought way to Meltdown and Spectre. Finally, we mention how computers generate seemingly random numbers, what a Web Application Firewall (WAF) is, and how WARD goes about protecting your systems.
Show Links
- Scott Arciszewski on Twitter
- Paragon Initiative Enterprises
- The 2018 Guide to Building Secure PHP Software
- Are PDO prepared statements sufficient to prevent SQL injection?
- Preventing SQL Injection in PHP Applications
- paragonie/easydb - Easy-to-use PDO wrapper for PHP projects.
- Security at the expense of usability comes at the expense of security.
- Security B-Sides Orlando 2017
- TimThumb WebShot Code Execution Exploit (Zeroday)
- Reverse shell !?!
- paragonie/anti-csrf - Full-Featured Anti-CSRF Library
- Using Libsodium in PHP Projects
- paragonie/sodium_compat - Pure PHP polyfill for ext/sodium
- libsodium
- It Turns Out, 2017 is the Year of Simply Secure PHP Cryptography
- The ECB Penguin
- Cache-timing attacks on AES
- Side-Channel Attacks on Everyday Applications
- Meltdown and Spectre
- PCID is now a critical performance/security feature on x86
- If You’re Typing the Word MCRYPT Into Your PHP Code, You’re Doing It Wrong
- Myths about /dev/urandom
- PHP - random_bytes
- PHP - random_int
- Ward - Web Application Realtime Defender
164 epizódok
Megosztás
Manage episode 214305873 series 2410493
A tartalmat a Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
In this weeks episode we continue our discussion with Scott Arciszewski about all things Security and Cryptography. We start off the show by highlighting what a SQL injection attack is and the differences between (emulated) prepared statements. This leads us on to look into how to securely handle file uploads, what a reverse shell is and how to defend yourself against XSS/CSRF attacks. From here we touch upon the recent inclusion of libsodium into PHP, why mcrypt should be avoided, and the side-channel vulnerabilities that brought way to Meltdown and Spectre. Finally, we mention how computers generate seemingly random numbers, what a Web Application Firewall (WAF) is, and how WARD goes about protecting your systems.
Show Links
- Scott Arciszewski on Twitter
- Paragon Initiative Enterprises
- The 2018 Guide to Building Secure PHP Software
- Are PDO prepared statements sufficient to prevent SQL injection?
- Preventing SQL Injection in PHP Applications
- paragonie/easydb - Easy-to-use PDO wrapper for PHP projects.
- Security at the expense of usability comes at the expense of security.
- Security B-Sides Orlando 2017
- TimThumb WebShot Code Execution Exploit (Zeroday)
- Reverse shell !?!
- paragonie/anti-csrf - Full-Featured Anti-CSRF Library
- Using Libsodium in PHP Projects
- paragonie/sodium_compat - Pure PHP polyfill for ext/sodium
- libsodium
- It Turns Out, 2017 is the Year of Simply Secure PHP Cryptography
- The ECB Penguin
- Cache-timing attacks on AES
- Side-Channel Attacks on Everyday Applications
- Meltdown and Spectre
- PCID is now a critical performance/security feature on x86
- If You’re Typing the Word MCRYPT Into Your PHP Code, You’re Doing It Wrong
- Myths about /dev/urandom
- PHP - random_bytes
- PHP - random_int
- Ward - Web Application Realtime Defender
164 epizódok
Minden epizód
×
Üdvözlünk a Player FM-nél!
A Player FM lejátszó az internetet böngészi a kiváló minőségű podcastok után, hogy ön élvezhesse azokat. Ez a legjobb podcast-alkalmazás, Androidon, iPhone-on és a weben is működik. Jelentkezzen be az feliratkozások szinkronizálásához az eszközök között.
Hasonló a(z) Three Devs and a Maybe sorozathoz
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
A podcast about web design and development.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Podcast alkalmazás
Lépjen offline állapotba az Player FM alkalmazással!
Lépjen offline állapotba az Player FM alkalmazással!
