Editor’s Note: This post originally appeared on HackerOne’s blog. Migrating your digital assets to the cloud can seem overwhelming at times. But you’re not alone. AWS has done a good job of meeting you halfway to help with security. AWS calls it the Shared Responsibility Model. Both you and AWS are each responsible for the…

7 Common Security Pitfalls to Avoid When Migrating to the Cloud

Editor’s Note: This post originally appeared on HackerOne. So you want to move to the cloud. It’s okay. You’re not alone. 96 percent of decision makers in one survey have cloud initiatives underway. Enterprise IT teams will soon reach the tipping point, spending over 50 percent on cloud apps and services instead of on-premises deployments for the first…

How to Secure Your Feature-Flag-Based Application

Editor’s Note: This post originally appeared on You can’t wait for next week. You’ve sold your management on the importance and usefulness of feature flags for your application. Your development team is ready to deliver its first experiments with feature flags and next week is when you’ll turn them on. Then you get a phone call.…

DevOps Security Means Moving Fast, Securely

Editor’s Note: This post originally appeared on Scalyr’s blog. Check them out if you need operational monitoring to help your DevOps go. In this world of lightning-fast development cycles, MVPs, and DevOps, it may intuitively feel like security gets left behind. You might be thinking, “Aren’t the security guys the ones who want to stop everything…

Security as Code: Why a Mental Shift is Necessary for Secure DevOps

Editor’s Note: This post originally appeared at Simple Programmer. They help make the complicated simple. Inertia is “the tendency to do nothing or remain unchanged.” It is a strong force in physics. It also often holds sway in the technology industry. By 1996, the first official definitions of Internet Protocol Version 6 (IPv6) were created. Over 20…

The Developer’s Guide to Cryptography: Hash Functions and HMACs

So far, we’ve discussed the basics of encryption and symmetric encryption algorithms. Encryption is used to protect the confidentiality of data. Let’s now take a small turn and look at protecting the integrity and authenticity of data. Encryption can protect data from being read while in transit. However, this does not prevent the data from…

The Developer’s Guide to Cryptography: Why ASP.NET Core 2 Gets It Right

Last time, we discussed what AES encryption looks like in Node.js. Now, to get a flavor of what other languages and frameworks do for AES encryption, we’ll take a look at ASP.NET Core 2. I am excited about what ASP.NET Core and .NET Core in general do for C# and other Microsoft technologies. ASP.NET Core…