Exact Dependencies, Insecure Design, How To Learn Stuff Quickly and more

Security Journey's hi/5

17-02-2022 • 3 mins

How to Learn Stuff Quickly: https://www.joshwcomeau.com/blog/how-...
Learning how to learn is a crucial skill for the security professional and developer.

Never Update Anything: https://blog.kronis.dev/articles/neve...
"In my eyes, it could be pretty nice to have a framework version that's supported for 10-20 years and is so stable that it can be used with little to no changes for the entire expected lifetime of a system."

Bridges fall down due to insecure design - make sure your web applications don't: https://www.securityjourney.com/post/...
This principle also applies to web applications, which is why the new #4 on the OWASP Top 10 2021 list is Insecure Design.

Pin exact dependency versions: https://betterdev.blog/pin-exact-depe...
Use a dependency manager that creates a lock file, and commit that file to the repository. Even then, pin your dependencies: explicitly specify their exact versions.

Financial services need to prioritize API security to protect their customers: https://www.helpnetsecurity.com/2021/...
Given this growing trend, Knight focused her vulnerability research on the financial services and FinTech companies and was able to access 55 banks through their APIs, giving her the ability to change customers' PIN codes and move money in and out of customers' accounts.
