https://scoold.com

Alex Bogdanovski albogdano

View Security Checklist.md

Database

  • Use encryption for data identifying users and sensitive data like access tokens, email addresses or billing details if possible (this will restrict queries to exact match lookups).
  • If your database supports low cost encryption at rest (like AWS Aurora), then enable that to secure data on disk. Make sure all backups are stored encrypted as well.
  • Use minimal privilege for the database access user account. Don’t use the database root account and check for unused accounts and accounts with bad passwords.
  • Store and distribute secrets using a key store designed for the purpose. Don’t hard-code secrets in your applications.
  • Fully prevent SQL injection by only using SQL prepared statements. For example, if using NPM, don’t use npm-mysql; use npm-mysql2, which supports prepared statements.

Development

  • Ensure that all components of your software are scanned for vulnerabilities for every version pushed to production. This means O/S, libraries and packages. This should be automated
albogdano / GenericOAuth2Filter.java
Last active Dec 2, 2016
Authentication filter for Para, for handling authentication requests to a generic OAuth 2.0 identity provider
View GenericOAuth2Filter.java
/*
* Copyright 2013-2016 Erudika. https://erudika.com
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
View albogdano.zsh-theme
#!/usr/bin/env zsh
#local return_code="%(?..%{$fg[red]%}%? ↵%{$reset_color%})"
#
# Oh My Zsh! theme
#
setopt promptsubst
autoload -U add-zsh-hook
View gist:9462392
# First verify the version of Java being used is not Sun JDK.
java -version
# Get the latest Sun Java SDK from Oracle http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
wget http://download.oracle.com/otn-pub/java/jdk/7u51-b13/jdk-7u51-linux-x64.rpm
# Install Java
sudo rpm -i jdk-7u51-linux-x64.rpm
# Check whether the default Java version is set to the Sun JDK