Short notes on tech 24/2025

Security

Secure by Design: Google’s Blueprint for a High-Assurance Web Framework
“Learn about how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities.” (from CloudSecList #274)

Common OAuth Vulnerabilities
“A comprehensive guide on known attacks against OAuth implementations, together with a checklist that should prove useful for testers and developers alike to quickly assess whether their implementation is secure.” (from CloudSecList #274)

Weaponizing Dependabot: Pwn Request at its finest
“TL;DR: Your trusty Dependabot (and other GitHub bots) might be an unwitting accomplice. Through “Confused Deputy” attacks, they can be tricked into merging malicious code. It can escalate to full command injection via crafted branch names and even bypass branch protection rules.”

Where Warlocks Stay Up Late
“Where Warlocks Stay Up Late is an interview series dedicated to documenting the history of cybersecurity. This interview series aims to capture the stories, insights, and legacies of the pioneering figures who shaped the field of cybersecurity from its inception to the present day.”

Software development

Developer philosophy
A good article on personal software development philosophies, distilled from years of experience.

  • Avoid, at all costs, arriving at a scenario where the ground-up rewrite starts to look attractive
  • Aim to be 90% done in 50% of the available time
  • Automate good practice
  • Think about pathological data
  • There is usually a simpler way to write it
  • Write code to be testable
  • It is insufficient for code to be provably correct; it should be obviously, visibly, trivially correct
