This week we wrap up the top ten security risks compiled by OWASP, with discussion on topics including CSRF (Cross-Site Request Forgery) and Known Component Vulnerabilities. Also included this week is a brief introduction to Hack and our thoughts on the programming language Go.
Monthly Archives: March 2014
Episode 42: Hacking Difficult People
For episode 42 we are blessed by the wonderful and talented Laura Thomson, Senior Engineering Manager at Mozilla. Laura drops science on managing engineers, Minimum Viable Bureaucracy, HHVM and Hack, and her mid-Atlantic coast accent. This is a must-listen for folks who manage tech teams.
- Check out our sponsors, Engine Yard and WonderNetwork
- Follow us on Twitter here.
- Rate us on iTunes here
Listen
Download now (MP3, 34.5MB, 1:17:38)
16: Web Application Security – Part 1
With another two-man crew this week, we decided to make a start on our discussion of all things Web Security. Directed at PHP developers, we go over the top five security risks compiled by OWASP (The Open Web Application Security Project).
Show Links
- Using Anonymous Functions (Lambdas) and Closures in PHP
- OWASP
- OWASP Top Ten Project
- OWASP PHP Security Cheat Sheet
- Linux: 25 PHP Security Best Practices For Sys Admins
- Cross-Site Scripting Attacks (XSS)
- Improve PHP session cookie security
- Secure Session Management Tips
- Laravel - helpers.php
- HTML Purifier
- Twig
- Smarty
15: Web Design with Justin DeLucia
This week we are lucky to have special guest and good friend of the show Justin DeLucia on to discuss all things web design. Starting off with background discussion on how he got into the industry, we move on to how designers and developers work (and should work) together. Finally, we wrap up with our longest quiz yet, which undoubtedly went off on many random tangents.
Episode 41: Let Me Wet My Beak
This week we’re joined by David Rogers, aka @al_the_x, to hear how he’s teaching PHP in college courses for brand-new programmers. We also talk about what possessed Ed to develop his own unit testing framework.
Listen
Download now (MP3, 36.2MB, 1:21:23)
14: Using Composer and the Command Line (CLI)
With only a two-man crew this week, we decided to have a little ramble about Composer and the Command Line. Initially discussing the benefits of Composer over alternatives (i.e. PEAR), we move on to some of the real-world issues that can arise from ‘depending’ on it. We then segue into discussing the Command Line and some of the key points new users should know about.