The Developer’s Guide to Cryptography: AES in Node.js

The Advanced Encryption Standard, or AES, is the standard chosen by the U.S. government to protect messages with symmetric encryption. Understanding what AES does and how it works is important. So is understanding how to use it practically in a real program. We’ll first take a look at the Node.js implementation of AES. For now, …

The Developer’s Guide to Cryptography: Symmetric Encryption

So we already discussed the basics of cryptography. Now let’s take a look at the first family of major cryptographic algorithms, symmetric encryption algorithms. First, we’ll take a look at what the term “symmetric encryption” actually means. What is Symmetric Encryption? The term symmetric means “made up of exactly similar parts”. This hints at the …

The Developer’s Guide to Cryptography: The Basics

It is rare that a developer will finish his or her career without seeing, hearing about, or using cryptography. In today’s connected world, some form of cryptography is almost certainly a requirement for most applications. While you may need to use cryptography, how much do you actually understand it? If someone tells you that they …

Simple Programmer Contributor Post–Are DevOps and Security Compatible?

My latest contributor post for Simple Programmer is up! This month I discuss whether security and DevOps are at odds with each other. I describe The Three Ways of DevOps and how changing the way we think about application security will allow us to build even more secure software in the DevOps age. Check out …

Breaking Down the OWASP Top 10 2017 RC Part 2: Numbers 6 Through 10

My previous post broke down the first five vulnerabilities listed in the OWASP Top 10 2017 RC. The last half of the list has many interesting entries that will be fun to break down. So let’s jump right into it. Sensitive Data Exposure This vulnerability describes not properly storing sensitive data or allowing it to …

Breaking Down the OWASP Top 10 2017 RC Part 1: Numbers One Through Five

The Open Web Application Security Project (OWASP) is an open community whose mission is to enable organizations to develop, maintain, and use applications and APIs that can be trusted. They have many great resources for professionals to use to educate themselves on how to build secure web applications. One of OWASP’s flagship projects is the …

The Great Certificate Debate–Are Security Certifications Worth It?

I recently stumbled upon an article claiming, quite strongly, that security certifications are worthless and causing more harm than good. This struck a chord with me because I became Security+ certified last year and recently got my CSSLP. Did I just waste my time and money on these certifications? This is certainly not the first …

5 Security Concepts All Developers Should Understand

I’m thrilled to announce that I have completed another guest post on Simple Programmer! This one deals with 5 Security Concepts All Developers Should Understand. Many developers understand basic security vulnerabilities such as XSS and CSRF. This post aims to outline the key security concepts that will help developers to build security in from the …
