
Your API ain't as secure as you think

Preparing for the next 5 years of threats, today

The Bad News:

Last year OWASP published a new Top 10 (the 2021 edition), with some surprising changes. Broken Access Control rocketed from #5 to #1, and Cryptographic Failures (previously called Sensitive Data Exposure) moved up from #3 to #2.

Data breaches are costing organisations more than ever. According to IBM's 2022 Cost of a Data Breach report, the average cost of a breach has climbed 12.7% since 2020.

APIs are at the centre of many of these attacks, whether through misuse by legitimate clients or deliberate exploitation by attackers.

#!/bin/bash
# Watch the macOS unified log for camera power events and look up the current Wi-Fi SSID (bash, not POSIX sh: `function` is a bashism).
HOME_NETWORK_NAME="MI WIFI SU WIFI"
# Print the SSID of the currently joined Wi-Fi network. The private airport tool was removed in macOS 14.4, so this prints nothing there.
function currentWifiNetworkName() {
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk -F: '($1 ~ "^ *SSID$"){print $2}' | cut -c 2-
}
# com.apple.UVCExtension logs "Post PowerLog" when the built-in camera is switched on or off.
log stream --predicate 'subsystem contains "com.apple.UVCExtension" and composedMessage contains "Post PowerLog"' |
while read -r event; do
: # loop body is truncated in the gist preview
done
title Next.js on Vercel
anchor Customer [1.0, 0.75]
component Browser [0.9, 0.72]
component Next.js Frontend [0.79, 0.3] label [15, 5]
component Serverless Functions [0.4, 0.39] label [10, -25]
component Datahopper [0.3, 0.71] label [10, -25]
component Prisma [0.25, 0.75] label [20, -20]
component Postgres [0.15, 0.8]
auxesis / .vimrc
Last active November 1, 2021 00:47
" Much of this cribbed from https://github.com/JoshCheek/dotfiles/blob/908ad88eec6bbcc2bb64beba1b8b1a189dcb46a6/vimrc
"
" Load in plugins
execute pathogen#infect()
" ===== Smallest Viable Configuration =====
set nocompatible " Behave more usefully at the expense of backwards compatibility (this line comes first b/c it alters how the others work)
set encoding=utf-8 " Format of the text in our files (prob not necessary, but should prevent weird errors)
filetype plugin on " Load code that configures vim to work better with whatever we're editing
filetype indent on " Load code that lets vim know when to indent our cursor

AirTree, Nexus back encrypted data storage platform CipherStash

Anthony Macdonald, Yolanda Redrup and Kanika Sood

Oct 22, 2021 – 1.03pm

Encrypted data storage technology start-up CipherStash has added AirTree Ventures and Nexus Venture Partners to its register in an oversubscribed seed round. The company, which raised $3.3 million, also scored the support of Linktree CTO Zak Islam, as well as Buildkite’s Keith Pitt.

CipherStash CEO and founder Dan Draper has raised $3.3 million.

Footguns and factorisation: how to make users of your cryptographic library successful

Cryptography forms the backbone of how we securely use information online, but most developers don’t have more than a surface-level understanding of cryptography.

Shannon's maxim states that “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them”. Open source makes this feasible for cryptography, with open source cryptographic libraries handling a huge proportion of information on the internet in flight and at rest.

Developers place a lot of trust in the authors of these libraries to get the cryptography engineering right.

But when basic usability issues result in developers using the libraries incorrectly, that trust and painstaking cryptography engineering can be for naught. Worse still, developers often believe they have used the libraries to build something that is secure. But that belief is often mistaken — their use of these libraries is actually insecure.
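A concrete instance of the footgun the abstract describes, written here as an added example in Go using only the standard library (it is not code from the talk or from CipherStash): AES-GCM exposed with a caller-supplied nonce encrypts happily even when the nonce is reused, and because GCM is counter mode underneath, two ciphertexts under the same key and nonce XOR to the XOR of their plaintexts. The same primitive behind a misuse-resistant wrapper that generates and prepends the nonce removes the parameter the caller could get wrong. The key, the all-zero nonce and the messages are constructed demo values; the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds an AES-GCM AEAD from a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealWithNonce is the footgun-shaped API: the caller supplies the nonce and
// nothing stops them supplying the same one twice (a constant, a counter that
// resets on restart, a value copied from a README).
func sealWithNonce(key, nonce, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, nil), nil
}

// xorBytes returns a XOR b over their common length.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// NonceReuseLeaks reports whether an observer of two ciphertexts produced under
// the same key and nonce recovers pt1 XOR pt2. GCM reuses the CTR keystream
// when the nonce repeats, so the XOR of the ciphertext bodies (tags stripped)
// equals the XOR of the plaintexts. Both Seal calls succeed without complaint.
func NonceReuseLeaks(key, nonce, pt1, pt2 []byte) (bool, error) {
	ct1, err := sealWithNonce(key, nonce, pt1)
	if err != nil {
		return false, err
	}
	ct2, err := sealWithNonce(key, nonce, pt2)
	if err != nil {
		return false, err
	}
	// Seal returns ciphertext || 16-byte tag; the body has the plaintext's length.
	leaked := xorBytes(ct1[:len(pt1)], ct2[:len(pt2)])
	return bytes.Equal(leaked, xorBytes(pt1, pt2)), nil
}

// Seal is the misuse-resistant shape: the nonce comes from crypto/rand inside
// the call and is prepended to the output (nonce || ciphertext || tag).
func Seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and rejects inputs too short to hold a nonce and a tag.
func Open(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return nil, fmt.Errorf("sealed message too short: %d bytes", len(sealed))
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

func main() {
	// Constructed demo values: a fixed key and an all-zero nonce of the kind a developer might copy from an example.
	key := bytes.Repeat([]byte{0x42}, 32)
	staticNonce := make([]byte, 12)
	pt1 := []byte("transfer 100 to alice")
	pt2 := []byte("transfer 999 to mallory")

	leaks, err := NonceReuseLeaks(key, staticNonce, pt1, pt2)
	fmt.Println("static nonce leaks pt1 XOR pt2:", leaks, err)

	sealed, _ := Seal(key, pt1)
	back, err := Open(key, sealed)
	fmt.Printf("misuse-resistant API round-trips: %q %v\n", back, err)
}
```

The difference between the two shapes is not the cipher, which is identical, but how many ways the API offers to hold it wrong: `sealWithNonce` has one extra parameter and a silent failure mode, `Seal` has neither.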

Levelling up database security by thinking in APIs

2020 saw an escalation in the volume, intensity, and tempo of cyber attacks against critical information systems. In Australia, data breaches cost $3.9m on average. Globally, ransomware cost $20B+.

One contributing factor is how we build systems to handle data about our users. Whether you're using SQL or NoSQL, you're likely still reading and writing data with many of the same techniques we used at the advent of the web.

The last five years have seen big leaps in how developers are designing and building APIs. What if we apply those same techniques to databases? What sort of security improvements can we unlock?

In this talk, attendees will learn about:

Background:

Why the CSCP (Cloud Services Certification Program) + CCSL (Certified Cloud Services List) existed:

  • Make security and risk assessments more efficient by doing centralised vetting of cloud service providers, performed by our top intelligence agency, the Australian Signals Directorate (ASD)
  • This eliminated the need for each federal government entity (of which there are 300+) to do its own risk assessment of every provider.
#!/bin/bash
# Write a syntax-highlighted HTML copy of <filename> into a fresh private temp directory.
if [ "$#" -eq 0 ]; then
echo "Usage: $0 <filename>" >&2
exit 1
fi
source_filename="$1"
# mktemp -d creates a mode-0700 directory, so the output path cannot be pre-created or guessed by another local user.
target_filename="$(mktemp -d)/$(basename "$source_filename")-highlight.html"