Blog: Developer Resource

Developer Resource Security Culture - Introducing OWASP
January 8, 2022

In the latest video of our Security Culture series we give a 2-minute overview of OWASP.org, an amazing resource for developers.

OWASP Resources

OWASP resources include:
- The Top 10
- ASVS
- Testing Guides
- Proactive Controls
- Glue, Dependency Check, Amass, ZAP and DefectDojo
- Conferences like Global AppSec, AppSec California, etc.
- Local chapter meetings

Developer Resource Security Culture - Testing Authorization
February 27, 2020

In the latest video of our Security Culture series we talk about testing for authorization. You can also listen in on our podcast.

Authorization

Authorization is the idea that a user can only do what they should be able to based on their role. It is synonymous with access control. Consider the case of a […]

Developer Resource Security Culture - Secrets
February 20, 2020

In the latest video of our Security Culture series we talk about handling secrets. You can also listen in on our podcast.

What Is a Secret

What is a secret? In this context, a secret could be any of the following:
- A database password
- An SSH Key
- A private key
- An API Key
- An AWS […]

Developer Resource Security Culture - Static Analysis
February 13, 2020

In the latest video of our Security Culture series we talk about static analysis. You can also listen in on our podcast. There are a lot of static analysis tools out there. The simplest might be eslint, for which there are even security rulesets - the docs for which have some handy illustrations for the […]

Developer Resource Security Culture - Patching
February 6, 2020

In the latest video of our Security Culture series we talk about why patching is so important. Patching is the process of updating software. This applies to laptops, phones and servers. It even applies to services running on our servers, like web servers or database servers. It can also refer to the libraries we use […]

Developer Resource Dependency Management — A nightmare scenario
January 27, 2020

Dependency management has become a very important part of ensuring the security of your applications. We’ve written about it many times in the past and even highlighted some horror stories from the Node community, where it’s not uncommon for a single project to have hundreds or thousands of dependencies developed and maintained by a variety […]

Developer Resource Security Culture - Injection
January 23, 2020

In the latest video of our Security Culture series we give a 2-minute overview of Injection, which is a serious class of vulnerability that can happen in any language. Injection happens when user-inputted data is treated as part of an OS command or part of a query, usually through string concatenation. As […]

Developer Resource Security Code Review Tool - CRUSH
January 15, 2020

We often do code review for companies. Code review is a great control whether or not you are running SAST or other tools, and we look for different things depending on the circumstances. Sometimes the review identifies gaps in authorization that tools can’t find anyway. Other times the language (e.g. Clojure or Elixir) is poorly […]

Developer Resource Why Developers Matter For Security
November 7, 2019

This post talks about the critical importance of actively engaging software developers in security activities and presents a few timely real-world examples where this was not done sufficiently and companies paid the price.

Robinhood Gold

The first example this week is from Robinhood. Robinhood is a low-cost trading platform. It turns out that […]

Developer Resource Using Github Pull Request Templates and Checks to Implement Security Checklists
August 15, 2019

This blog post will show one way to build security checklists into your code review and pull request flows in GitHub. On almost every project we do with developer teams, one thing we recommend is a simple checklist to help keep security top of mind. Back in 2013 we helped a client implement this in […]

© 2019-2022 Jemurai. All rights reserved.