5 Reasons You Need Application Security Champions

Have you ever felt that your developers and your application security team don’t see eye-to-eye? Do your developers hold feelings of dread at the mention of “the security guys”? This is a common problem with culture in the industry. There has long been a cultural divide between security and application teams. Developers want to deliver …


Your Security Perimeter is a Living Cell, Not a Castle Wall

Editor’s Note: This post was originally posted on Cobalt’s blog. Check out the original post here. Check out their site if you are interested in a new way to pen test your application. You’ve heard the analogy before. Your enterprise is a fortress. Protect it with towers. Build stone walls to protect your data. Build …


The Developer’s Guide to Cryptography: Hash Functions and HMACs

So far, we’ve discussed the basics of encryption and symmetric encryption algorithms. Encryption is used to protect the confidentiality of data. Let’s now take a small turn and look at protecting the integrity and authenticity of data. Encryption can protect data from being read while in transit. However, this does not prevent the data from …


The Developer’s Guide to Cryptography: Why ASP.NET Core 2 Gets It Right

Last time, we discussed what AES encryption looks like in Node.js. Now, to get a flavor of what other languages and frameworks do for AES encryption, we’ll take a look at ASP.NET Core 2. I am excited about what ASP.NET Core and .NET Core in general do for C# and other Microsoft technologies. ASP.NET Core …


The Developer’s Guide to Cryptography: AES in Node.js

The Advanced Encryption Standard, or AES, is the standard chosen by the U.S. government to protect messages with symmetric encryption. Understanding what AES does and how it works is important. So is understanding how to use it practically in a real program. We’ll first take a look at the Node.js implementation of AES. For now, …


The Developer’s Guide to Cryptography: Symmetric Encryption

So we already discussed the basics of cryptography. Now let’s take a look at the first family of major cryptographic algorithms, symmetric encryption algorithms. First, we’ll take a look at what the term “symmetric encryption” actually means. What is Symmetric Encryption? The term symmetric means “made up of exactly similar parts”. This hints at the …


The Developer’s Guide to Cryptography: The Basics

It is rare that a developer will finish his or her career without seeing, hearing about, or using cryptography. In today’s connected world, some form of cryptography is almost certainly a requirement for most applications. While you may need to use cryptography, how much do you actually understand it? If someone tells you that they …


Simple Programmer Contributor Post–Are DevOps and Security Compatible?

My latest contributor post for Simple Programmer is up! This month I discuss whether security and DevOps are at odds with each other. I describe The Three Ways of DevOps and how changing the way we think about application security will allow us to build even more secure software in the DevOps age. Check out …
