A podcast about web design and development.
…
continue reading
Contenido proporcionado por Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
Similar a Three Devs and a Maybe
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Player FM : aplicación de podcast
¡Desconecta con la aplicación Player FM !
¡Desconecta con la aplicación Player FM !
))
141: Web Application Security, Part 2 with Scott Arciszewski
Manage episode 214305873 series 2410493
Contenido proporcionado por Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
In this weeks episode we continue our discussion with Scott Arciszewski about all things Security and Cryptography. We start off the show by highlighting what a SQL injection attack is and the differences between (emulated) prepared statements. This leads us on to look into how to securely handle file uploads, what a reverse shell is and how to defend yourself against XSS/CSRF attacks. From here we touch upon the recent inclusion of libsodium into PHP, why mcrypt should be avoided, and the side-channel vulnerabilities that brought way to Meltdown and Spectre. Finally, we mention how computers generate seemingly random numbers, what a Web Application Firewall (WAF) is, and how WARD goes about protecting your systems.
Show Links
- Scott Arciszewski on Twitter
- Paragon Initiative Enterprises
- The 2018 Guide to Building Secure PHP Software
- Are PDO prepared statements sufficient to prevent SQL injection?
- Preventing SQL Injection in PHP Applications
- paragonie/easydb - Easy-to-use PDO wrapper for PHP projects.
- Security at the expense of usability comes at the expense of security.
- Security B-Sides Orlando 2017
- TimThumb WebShot Code Execution Exploit (Zeroday)
- Reverse shell !?!
- paragonie/anti-csrf - Full-Featured Anti-CSRF Library
- Using Libsodium in PHP Projects
- paragonie/sodium_compat - Pure PHP polyfill for ext/sodium
- libsodium
- It Turns Out, 2017 is the Year of Simply Secure PHP Cryptography
- The ECB Penguin
- Cache-timing attacks on AES
- Side-Channel Attacks on Everyday Applications
- Meltdown and Spectre
- PCID is now a critical performance/security feature on x86
- If You’re Typing the Word MCRYPT Into Your PHP Code, You’re Doing It Wrong
- Myths about /dev/urandom
- PHP - random_bytes
- PHP - random_int
- Ward - Web Application Realtime Defender
164 episodios
Compartir
Manage episode 214305873 series 2410493
Contenido proporcionado por Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
In this weeks episode we continue our discussion with Scott Arciszewski about all things Security and Cryptography. We start off the show by highlighting what a SQL injection attack is and the differences between (emulated) prepared statements. This leads us on to look into how to securely handle file uploads, what a reverse shell is and how to defend yourself against XSS/CSRF attacks. From here we touch upon the recent inclusion of libsodium into PHP, why mcrypt should be avoided, and the side-channel vulnerabilities that brought way to Meltdown and Spectre. Finally, we mention how computers generate seemingly random numbers, what a Web Application Firewall (WAF) is, and how WARD goes about protecting your systems.
Show Links
- Scott Arciszewski on Twitter
- Paragon Initiative Enterprises
- The 2018 Guide to Building Secure PHP Software
- Are PDO prepared statements sufficient to prevent SQL injection?
- Preventing SQL Injection in PHP Applications
- paragonie/easydb - Easy-to-use PDO wrapper for PHP projects.
- Security at the expense of usability comes at the expense of security.
- Security B-Sides Orlando 2017
- TimThumb WebShot Code Execution Exploit (Zeroday)
- Reverse shell !?!
- paragonie/anti-csrf - Full-Featured Anti-CSRF Library
- Using Libsodium in PHP Projects
- paragonie/sodium_compat - Pure PHP polyfill for ext/sodium
- libsodium
- It Turns Out, 2017 is the Year of Simply Secure PHP Cryptography
- The ECB Penguin
- Cache-timing attacks on AES
- Side-Channel Attacks on Everyday Applications
- Meltdown and Spectre
- PCID is now a critical performance/security feature on x86
- If You’re Typing the Word MCRYPT Into Your PHP Code, You’re Doing It Wrong
- Myths about /dev/urandom
- PHP - random_bytes
- PHP - random_int
- Ward - Web Application Realtime Defender
164 episodios
Усі епізоди
×
Bienvenido a Player FM!
Player FM está escaneando la web en busca de podcasts de alta calidad para que los disfrutes en este momento. Es la mejor aplicación de podcast y funciona en Android, iPhone y la web. Regístrate para sincronizar suscripciones a través de dispositivos.
Similar a Three Devs and a Maybe
A podcast about web design and development.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Player FM : aplicación de podcast
¡Desconecta con la aplicación Player FM !
¡Desconecta con la aplicación Player FM !
