The Developer’s Guide to Encryption: Symmetric Encryption

So we already discussed the basics of cryptography. Now let’s take a look at the first family of major cryptographic algorithms, symmetric encryption algorithms. First, we’ll take a look at what the term “symmetric encryption” actually means. What is Symmetric Encryption? The term symmetric means “made up of exactly similar parts”. This hints at the …

Continue reading The Developer’s Guide to Encryption: Symmetric Encryption

Advertisements

The Developer’s Guide to Cryptography: The Basics

It is rare that a developer will finish his or her career without seeing, hearing about, or using cryptography. In today’s connected world, some form of cryptography is almost certainly a requirement for most applications. While you may need to use cryptography, how much do you actually understand it? If someone tells you that they …

Continue reading The Developer’s Guide to Cryptography: The Basics

Simple Programmer Contributor Post–Are DevOps and Security Compatible?

My latest contributor post for Simple Programmer is up! This month I discuss whether security and DevOps are at odds with each other. I describe The Three Ways of DevOps and how changing the way we think about application security will allow us to build even more secure software in the DevOps age. Check out …

Continue reading Simple Programmer Contributor Post–Are DevOps and Security Compatible?

Secure Your API in Node.js

The OWASP Top 10 2017 RC has two new entries that should be of great interest to any REST API developer. A4 – Broken Access Control A10 – Underprotected APIs Broken access control is a major problem. OWASP rates it as easily detectable, easily exploitable, and widespread across the Internet. Underprotected APIs refers to the …

Continue reading Secure Your API in Node.js

Breaking Down the OWASP Top 10 2017 RC Part 2: Numbers 6 Through 10

My previous post broke down the first five vulnerabilities listed in the OWASP Top 10 2017 RC. The last half of the list has many interesting entries that will be fun to break down. So let’s jump right into it. Sensitive Data Exposure This vulnerability describes not properly storing sensitive data or allowing it to …

Continue reading Breaking Down the OWASP Top 10 2017 RC Part 2: Numbers 6 Through 10

Breaking Down the OWASP Top 10 2017 RC Part 1: Numbers One Through Five

The Open Web Application Security Project (OWASP) is an open community whose mission is to enable organizations to develop, maintain, and use applications and APIs that can be trusted. They have many great resources for professionals to use to educate themselves on how to build secure web applications. One of OWASP’s flagship projects is the …

Continue reading Breaking Down the OWASP Top 10 2017 RC Part 1: Numbers One Through Five

The Great Certificate Debate–Are Security Certifications Worth It?

I recently stumbled upon an article claiming, quite strongly, that security certifications are worthless and causing more harm than good. This struck a cord with me because I became Security+ certified last year and recently got my CSSLP. Did I just waste my time and money on these certifications? This is certainly not the first …

Continue reading The Great Certificate Debate–Are Security Certifications Worth It?