The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. Instead, use a 3rd party to authenticate your users. While this cuts a lot of work out of your development time, it is important to understand the pros and cons to each method. James talks through some of these risks to help better understand which method might be right for you. Links from show: Ep. 92: 2-Factor Authentication - … [Read more...] about Ep. 103: Is 3rd Party Authentication Right For Your Application?
security
Checking npm packages using npm-audit
Our applications rely more and more on external packages to enable quick deployment and ease of development. While these packages help reduce the code we have to write ourselves, it still may present risk to our application. If you are building Nodejs applications, you are probably using npm to manage your packages. For those that don't know, npm is the node package manager. It is a direct source to quickly include functionality within your application. For example, say you want to hash your … [Read more...] about Checking npm packages using npm-audit
Installing BeEF on ubuntu 18.04
While working on a VM for a class, I had the opportunity to install BeEF for the students. This was the first VM I have built using Ubuntu 18.04, so I expected there to be a few hiccups along the way. The good news is that the process was pretty straight forward and simple. Here are the steps to getting this up and running on Ubuntu 18.04. https://youtu.be/hD_JRo7YPcg I started off by creating a new virtual machine using Ubuntu 18.04. I won't go through the steps of creating a new virtual … [Read more...] about Installing BeEF on ubuntu 18.04
Ep. 101: You’re not always right and that is ok
In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too. For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. … [Read more...] about Ep. 101: You’re not always right and that is ok
Ep. 100: Choosing Security Tools
In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the most sense for your environment. For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to … [Read more...] about Ep. 100: Choosing Security Tools
Choosing Application Security Tools
There are lots of security tools available, so how do you know which one to pick? If your security team is not including the application teams in the decision, you run a big risk of failure. The security team does get the ability to form relationships with vendors. We see them at conferences. We know people that work there. Because our focus is on security, we know the tools that exist in our space and we have an idea of which ones may be better than others. Of course, this is often due to … [Read more...] about Choosing Application Security Tools