A podcast about web design and development.
…
continue reading
Content provided by Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Three Devs and a Maybe
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
141: Web Application Security, Part 2 with Scott Arciszewski
Manage episode 214305873 series 2410493
Content provided by Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
In this weeks episode we continue our discussion with Scott Arciszewski about all things Security and Cryptography. We start off the show by highlighting what a SQL injection attack is and the differences between (emulated) prepared statements. This leads us on to look into how to securely handle file uploads, what a reverse shell is and how to defend yourself against XSS/CSRF attacks. From here we touch upon the recent inclusion of libsodium into PHP, why mcrypt should be avoided, and the side-channel vulnerabilities that brought way to Meltdown and Spectre. Finally, we mention how computers generate seemingly random numbers, what a Web Application Firewall (WAF) is, and how WARD goes about protecting your systems.
Show Links
- Scott Arciszewski on Twitter
- Paragon Initiative Enterprises
- The 2018 Guide to Building Secure PHP Software
- Are PDO prepared statements sufficient to prevent SQL injection?
- Preventing SQL Injection in PHP Applications
- paragonie/easydb - Easy-to-use PDO wrapper for PHP projects.
- Security at the expense of usability comes at the expense of security.
- Security B-Sides Orlando 2017
- TimThumb WebShot Code Execution Exploit (Zeroday)
- Reverse shell !?!
- paragonie/anti-csrf - Full-Featured Anti-CSRF Library
- Using Libsodium in PHP Projects
- paragonie/sodium_compat - Pure PHP polyfill for ext/sodium
- libsodium
- It Turns Out, 2017 is the Year of Simply Secure PHP Cryptography
- The ECB Penguin
- Cache-timing attacks on AES
- Side-Channel Attacks on Everyday Applications
- Meltdown and Spectre
- PCID is now a critical performance/security feature on x86
- If You’re Typing the Word MCRYPT Into Your PHP Code, You’re Doing It Wrong
- Myths about /dev/urandom
- PHP - random_bytes
- PHP - random_int
- Ward - Web Application Realtime Defender
164 episodes
Share
Manage episode 214305873 series 2410493
Content provided by Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Michael Budd, Fraser Hart, Lewis Cains, Edd Mann, Michael Budd, Fraser Hart, Lewis Cains, and Edd Mann or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
In this weeks episode we continue our discussion with Scott Arciszewski about all things Security and Cryptography. We start off the show by highlighting what a SQL injection attack is and the differences between (emulated) prepared statements. This leads us on to look into how to securely handle file uploads, what a reverse shell is and how to defend yourself against XSS/CSRF attacks. From here we touch upon the recent inclusion of libsodium into PHP, why mcrypt should be avoided, and the side-channel vulnerabilities that brought way to Meltdown and Spectre. Finally, we mention how computers generate seemingly random numbers, what a Web Application Firewall (WAF) is, and how WARD goes about protecting your systems.
Show Links
- Scott Arciszewski on Twitter
- Paragon Initiative Enterprises
- The 2018 Guide to Building Secure PHP Software
- Are PDO prepared statements sufficient to prevent SQL injection?
- Preventing SQL Injection in PHP Applications
- paragonie/easydb - Easy-to-use PDO wrapper for PHP projects.
- Security at the expense of usability comes at the expense of security.
- Security B-Sides Orlando 2017
- TimThumb WebShot Code Execution Exploit (Zeroday)
- Reverse shell !?!
- paragonie/anti-csrf - Full-Featured Anti-CSRF Library
- Using Libsodium in PHP Projects
- paragonie/sodium_compat - Pure PHP polyfill for ext/sodium
- libsodium
- It Turns Out, 2017 is the Year of Simply Secure PHP Cryptography
- The ECB Penguin
- Cache-timing attacks on AES
- Side-Channel Attacks on Everyday Applications
- Meltdown and Spectre
- PCID is now a critical performance/security feature on x86
- If You’re Typing the Word MCRYPT Into Your PHP Code, You’re Doing It Wrong
- Myths about /dev/urandom
- PHP - random_bytes
- PHP - random_int
- Ward - Web Application Realtime Defender
164 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Three Devs and a Maybe
A podcast about web design and development.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
