Episode 08: Web application security

Explicit content warning

09/22/21 • 47 min

Today, Off Script hosts Josh and James discuss all things web application security. It’s something that is getting more and more important to get right. More cyber attacks. More ransomware attacks. They address good application hygiene and the common pitfalls they are seeing people fall for. Big data breaches can lead to losing customer trust so it’s so important to makes sure you’re running a tight ship with security.

Basic security maintenance is essential but what can companies and individuals be doing to make sure their web applications are secure during a time of high value bug bounties being offered to people for finding vulnerabilities?

Bug bounties. The positives, negatives and relevancy to different sized agencies
The use of bots to find MongoDB vulnerabilities
Encrypted vaults
The Slack issue
How hard is it to put secure processes in place from the start?
Canary and environment variables
If you’re a security researcher, what do you do with responsible disclosure?
The fine line between helping the hackers and helping the community
What makes a good, secure app?
Package managers
Modern libraries making it obvious when you are doing a bad thing
Open pull requests
Get your house in order with OWASP
Frameworks and the early standards they set with password management and security hygiene
Importance of rotating keys
Human interfaces and the floors surrounding them
What can we learn from Twelve-Factor?
Github Workspaces and recreatable environments
The issues of convenience
Macs vs dev accessibility and Windows catching up
Github and Atom
Good, automated test suites
How to have a good view on what makes a good security test
Falling into the trap of feeling productive
Sitting down with the team to discuss testing value and priorities
The creativity of SQL injection
Reinventing the wheel
Dangers of writing an encryption tool and importance of getting an external security company

Resources:

Find out more about Stac and Parallax:

Bug bounties. The positives, negatives and relevancy to different sized agencies
The use of bots to find MongoDB vulnerabilities
Encrypted vaults
The Slack issue
How hard is it to put secure processes in place from the start?
Canary and environment variables
If you’re a security researcher, what do you do with responsible disclosure?
The fine line between helping the hackers and helping the community
What makes a good, secure app?
Package managers
Modern libraries making it obvious when you are doing a bad thing
Open pull requests
Get your house in order with OWASP
Frameworks and the early standards they set with password management and security hygiene
Importance of rotating keys
Human interfaces and the floors surrounding them
What can we learn from Twelve-Factor?
Github Workspaces and recreatable environments
The issues of convenience
Macs vs dev accessibility and Windows catching up
Github and Atom
Good, automated test suites
How to have a good view on what makes a good security test
Falling into the trap of feeling productive
Sitting down with the team to discuss testing value and priorities
The creativity of SQL injection
Reinventing the wheel
Dangers of writing an encryption tool and importance of getting an external security company

Resources:

Find out more about Stac and Parallax:

Previous Episode

Episode 07: Career progression

We’re happy to welcome James Hall to Off Script as a new co-host alongside Josh Nesbitt in our new podcast format! The topic today is ‘Career progression’.

Josh and James have known each other for many years and have a lot of professional experience in tech at the top level between them, ranging from agency work through to consulting. Josh runs Leeds-based software consultancy Stac whilst James runs Parallax - a digital agency specialising in websites, apps and much more. This gives our co-hosts different perspectives on the tech topics they’ll be getting into in the coming episodes and gives the listener a balanced take on today’s top topics in tech.

If you enjoy this episode, make sure to subscribe so you don’t miss the next one! In today’s episode, Josh and James explore:

How do you define a career path?
The changes you experience as a developer as you progress up the career ladder within an agency and as a consultant.
Knowing where to invest your time as a junior in tech to ensure suitable progression for yourself.
What opportunities and challenges does remote working create for employees and employers?
What can employers do to retain employees and create a rewarding career path for their staff?
How often should companies speak to employees about progression and what frameworks are effective for this?
Zoom fatigue and remote working.
What does the future look like for offices with a mixture of remote working and people wishing to spend their time around people in person?

Find out more about Stac and Parallax:

Next Episode

Episode 09: Application performance

What would your first steps be when working on application performance? What tools can you use to help you through this process? What are the challenges when you overly optimise your application? Our hosts James and Josh dive into these questions and outline their thoughts on the following and much more: