Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Nội dung được cung cấp bởi Localhost Podcast. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Localhost Podcast hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Tương tự như Localhost Podcast
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Monday through Friday, Marketplace demystifies the digital economy in less than 10 minutes. We look past the hype and ask tough questions about an industry that’s constantly changing.
…
continue reading
Get the most out of your home theater with the latest advances, product reviews, and all things audio and video. Every Thursday, Scott Wilkinson shares his expertise, energy, and enthusiasm about how to make your A/V system sound and look its best. In this short-format podcast, Scott brings you news, reviews, interviews, and commentary, and answers your questions. You can join Club TWiT for $7 a month and get ad-free audio and video feeds for all our shows plus everything else the club offer ...
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
))
014 - OWASP Top 10
Manage episode 205025637 series 1354553
Nội dung được cung cấp bởi Localhost Podcast. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Localhost Podcast hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Hello from the Internet In this we count down the OWASP TOP 10 and explore the implications of each of the issues that we should be looking at in securing our applications. Enjoy the show! ## Show Notes - [OWASP](https://www.owasp.org/index.php/Main_Page) - [OWASP TOP 10 for 2017](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf) ### 10. Logs - Insufficient Logging and Monitoring - https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring - Graylog - https://www.graylog.org/ - Logstash (ELK) - https://www.elastic.co/elk-stack ### 09. Components - https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities - Safety - Python - https://pyup.io/safety/ - Ruby - http://guides.rubygems.org/security/ - Node - Node Security - https://github.com/nodesecurity/nsp ### 08. Deserialization - https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization ### 07. XSS - https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS) ### 06. Security Misconfiguration - https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration - How to harden a Linux server: - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf - https://medium.com/viithiisys/10-steps-to-secure-linux-server-for-production-environment-a135109a57c5 - https://www.cyberciti.biz/tips/linux-security.html ### 05. Broken Access Control - https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control - Firesheep - https://codebutler.com/projects/firesheep/ ### 04. XML External Entities - https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE) - Billion Laughs Attack - https://en.wikipedia.org/wiki/Billion_laughs_attack ### 03. Sensitive Data Exposure - https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure - PCI DSS - https://www.pcisecuritystandards.org/pci_security/ - GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ - Password Hashing - https://crackstation.net/hashing-security.htm - Best practice for SSL + TLS - https://www.ssllabs.com/ssltest/ - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - Let’s Encrypt - https://letsencrypt.org/ - CipherList - Strong config for Apache / Nginx https://cipherli.st/ ### 02. Broken Authentication - https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication - Horse staple - https://xkcd.com/936/ - NIST - https://www.passwordping.com/surprising-new-password-guidelines-nist/ - Rainbow tables - http://project-rainbowcrack.com/table.htm - Google 2FA - Authy - https://authy.com/ - Duo - https://duo.com/ ### 01. Injection - https://www.owasp.org/index.php/Top_10-2017_A1-Injection - Bobby Tables - https://xkcd.com/327/ - Misc - Nessus - https://www.tenable.com/products/nessus/nessus-professional - OpenVas - http://www.openvas.org/ - ZED Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project - zxcvbn: realistic password strength estimation - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ - Be afraid, be very afraid - https://attack.mitre.org/wiki/Main_Page
…
continue reading
32 tập
Chia sẻ
Manage episode 205025637 series 1354553
Nội dung được cung cấp bởi Localhost Podcast. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Localhost Podcast hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Hello from the Internet In this we count down the OWASP TOP 10 and explore the implications of each of the issues that we should be looking at in securing our applications. Enjoy the show! ## Show Notes - [OWASP](https://www.owasp.org/index.php/Main_Page) - [OWASP TOP 10 for 2017](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf) ### 10. Logs - Insufficient Logging and Monitoring - https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring - Graylog - https://www.graylog.org/ - Logstash (ELK) - https://www.elastic.co/elk-stack ### 09. Components - https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities - Safety - Python - https://pyup.io/safety/ - Ruby - http://guides.rubygems.org/security/ - Node - Node Security - https://github.com/nodesecurity/nsp ### 08. Deserialization - https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization ### 07. XSS - https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS) ### 06. Security Misconfiguration - https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration - How to harden a Linux server: - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf - https://medium.com/viithiisys/10-steps-to-secure-linux-server-for-production-environment-a135109a57c5 - https://www.cyberciti.biz/tips/linux-security.html ### 05. Broken Access Control - https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control - Firesheep - https://codebutler.com/projects/firesheep/ ### 04. XML External Entities - https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE) - Billion Laughs Attack - https://en.wikipedia.org/wiki/Billion_laughs_attack ### 03. Sensitive Data Exposure - https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure - PCI DSS - https://www.pcisecuritystandards.org/pci_security/ - GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ - Password Hashing - https://crackstation.net/hashing-security.htm - Best practice for SSL + TLS - https://www.ssllabs.com/ssltest/ - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - Let’s Encrypt - https://letsencrypt.org/ - CipherList - Strong config for Apache / Nginx https://cipherli.st/ ### 02. Broken Authentication - https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication - Horse staple - https://xkcd.com/936/ - NIST - https://www.passwordping.com/surprising-new-password-guidelines-nist/ - Rainbow tables - http://project-rainbowcrack.com/table.htm - Google 2FA - Authy - https://authy.com/ - Duo - https://duo.com/ ### 01. Injection - https://www.owasp.org/index.php/Top_10-2017_A1-Injection - Bobby Tables - https://xkcd.com/327/ - Misc - Nessus - https://www.tenable.com/products/nessus/nessus-professional - OpenVas - http://www.openvas.org/ - ZED Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project - zxcvbn: realistic password strength estimation - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ - Be afraid, be very afraid - https://attack.mitre.org/wiki/Main_Page
…
continue reading
32 tập
Minden epizód
×
Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.
Tương tự như Localhost Podcast
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Monday through Friday, Marketplace demystifies the digital economy in less than 10 minutes. We look past the hype and ask tough questions about an industry that’s constantly changing.
…
continue reading
Get the most out of your home theater with the latest advances, product reviews, and all things audio and video. Every Thursday, Scott Wilkinson shares his expertise, energy, and enthusiasm about how to make your A/V system sound and look its best. In this short-format podcast, Scott brings you news, reviews, interviews, and commentary, and answers your questions. You can join Club TWiT for $7 a month and get ad-free audio and video feeds for all our shows plus everything else the club offer ...
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
