Hey #infosec / #cybersecurity fediverse!

I'm looking for resources on writing secure code, or security best practices for software development, etc. Anything specifically for #javascript / #typescript / #web is a plus!

Please #boost for reach! Thanks!

It'd be suuuuuper cool if I can get some books that cover newer APIs and the security implications therein
@xyhhx have you heard about Hacking APIs published by NoStarch?

@taelur Oooo good call. I think I actually have a copy somewhere

I actually was thinking more along the lines of newer web APIs and how to securely handle all these new interfaces with the OS and users' hardware, etc. in my last post, but now I'm wondering how the usual stuff when securing REST / GraphQL APIs applies to frameworks like remix.run

*hits blunt*

@xyhhx AHHHH Oops lol my bad 😅
@taelur all good lol

@taelur I actually got to thinking about it while I was using the #grapheneos web-based installer. It literally flashes your phone from a web browser!

There are huge implications with all these new APIs and I'm sure someone smarter than me has written about

@xyhhx The Art of Software Security Assessment provides a number of these concepts. It's a bit old now but still very relevant. https://www.oreilly.com/library/view/the-art-of/0321444426/
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

@xyhhx I have used Secure Code Warrior before https://www.securecodewarrior.com/ which shows fake code reviews with vulnerable code, and you have to find it and fix it.

I know a lot of people (myself included) that have found it useful to learn via this method!

Hope it helps! #securecode #securecodewarrior


@juanlu_sanz Woah that's very cool. Thanks!

@xyhhx The starting page is https://developer.mozilla.org/en-US/docs/Web/Security

If there’s only one thing you’ll read this morning, start with OWASP: https://owasp.org/

@ArneBab Thanks! Yeah, those are great resources.
@xyhhx have you looked at @SheHacksPurple's Alice and Bob book? Lipner and Howard's SDL book? Howard and LeBlanc's Writing Secure Code?

@adamshostack @SheHacksPurple Woah thanks for all those! I'd only discovered the last one thanks to my searches when I posted it.

I'm gonna scoop them all next week I think

@xyhhx @adamshostack @SheHacksPurple Tanya has a new Alice & Bob book on software security in the pipeline

@xyhhx @SheHacksPurple You're welcome. I should mention I have a book on threats out soon. (threatsbook.com)