Pragmatic Programmer Issues - pietrowski.info

Importance of Security

pedro — Thu, 01 Dec 2011 10:11:54 +0000

Everybody knows web application are now de facto standard in daily use. We go even further as we have more and more mobile devices.
We are building our apps in such a way we can access it from mobile phones, tablets and even e-book readers.

So nobody should be surprised that companies involved in web standards have published article focused on web application security.

Google: Browser Security Handbook
Google: Web Application Exploits and Defenses part one, part two , part three, part four, part five.
Great live step by step tutorial on Gruyere application. It is challenging
Mozilla : WebAppSec/Secure Coding Guidelines - Here are some quick wins.
- For all cookies set the HTTPOnly and Secure flag
- Make sure login pages are only served on HTTPS and all authenticated pages are only served on HTTPS
- Don’t trust any user data (input, headers, cookies etc). Make sure to validate it before using it
Last but not least OWASP site is one of the best security information site.

Happy Hacking your apps

Pedro Newsletter 30.11.2011

pedro — Tue, 29 Nov 2011 22:49:13 +0000

This is the last Pedro Newsletter. Hope you enjoyed it.

Atlassian OnDemand add Tempo plugin – time management and reporting is now easy.
smtproutes – simple SMTP server (Sinatra inspiration).
Spring Framework 3.1.0.RC2 was released.
Redis for autocomplete.
Alex’s Git Tip of The Week: Git submodules.
iOS 5.1 beta – Siri integration

Thanks for all, folks!

Pedro Newsletter 29.11.2011

pedro — Mon, 28 Nov 2011 22:03:20 +0000

How to write Confluence plugin for SaaS.
Google I/O 2012 extended to three days (June 27-29).
pagekite - Bring your localhost servers on-line. Sounds good, when you want to show current Scrum result for your client.
Solr/Lucene 3.5 was released.
Evolution of Google Search 14 years in six minutes.

Pedro Newsletter 28.11.2011

pedro — Mon, 28 Nov 2011 21:37:27 +0000

2011 Google Developers Days (slides).
GeoGebra - Free mathematics software for learning and teaching.
Rails Good practice 1.5 was released.
Five Hours with ThoughtWorks Go.
Node.js style guide

Pedro Newsletter 25.11.2011

pedro — Thu, 24 Nov 2011 22:15:24 +0000

Thoughts on 2011 ONCIX Report. Every security professional should read that.
Spring Roo 1.20.RC1 was released with PrimeFaces 3 support.
Faster Bamboo Dashboard with Plan Labels.
Grails: wildcard search on two fields.
Key announcements from Oracle World.