Security Tips
Security Tip: Canary Tokens
[Tip#31] These are my favourite simple security trick to let you know if someone is poking around in your stuff.
Security Tips
OWASP Tip: A10:2021 – Server-Side Request Forgery (SSRF)
Our final entry in the OWASP Top 10 series - be aware of what your servers can access!
Security Tips
OWASP Tip: A09:2021 – Security Logging and Monitoring Failures
You do have logging enabled, right?
Security Tips
OWASP Tip: A07:2021 – Identification and Authentication Failures
Don't get confused with authorisation, we're talking authENTICation this week.
Security Tips
OWASP Tip: A06:2021 – Vulnerable and Outdated Components
Keep your stuff updated!!
Security Tips
OWASP Tip: A04:2021 – Insecure Design
It's hard to build a secure system if the design is inherently insecure.
Security Tips
OWASP Tip: A03:2021 – Injection
i.e. Cross-Site Scripting (XSS), SQL injection (SQLi), and Command Injection
Security Tips
OWASP Tip: A02:2021 – Cryptographic Failures
QmFzZSA2NCBpc24ndCBlbmNyeXB0aW9uIQ==
Security Tips
Security Tip: Finding Secrets
[Tip#30] Who wants to go on a treasure hunt for secrets, credentials, and API keys?
Security Tips
Security Tip: Protecting Production APIs
[Tip#29] Protecting the integrity of your data is just as important as stopping hackers.
Security Tips
Security Tip: composer audit
[Tip#28] Composer 🥰
Security Tips
Security Tip: Leaking Model Existence
[Tip#27] Observing the existence of something you can't access still tells you something important, even if you can't access it.