InfoSec for Web Developers with Kim Carter
On today's episode, Charles Max Wood and Aimee Knight discuss InfoSec for Web Developers with Kim Carter. Kim is a senior software engineer/architect, an information security professional, and the founder of binarymist.io. He is currently working on his book called Holistic InfoSec for Web Developers. Tune in to learn more on what his book is all about.
Most security concerns are dealt at the back-end. However, front-end developers could also worry about getting hacked depending on the app they are building.
There are things in the front-end that you can do such as usability, which enable good user experience. As the app is built, such security issues need to be addressed at the front-end before back-end are notified about it.
There are tools that help assess an app's front-end security. One is the browser exploitation framework (BeEF). It focuses on the browser to look after malicious threats.
To implement BeEF, you visit other places online to kickoff some exploits. Afterwards, you break into a network through the browser to test its security.
Dealing with Malicious Attacks
A virus can do anything it wants once it is activated, but can be dealt with using reliable programs. One example is Windows' exploitation via Parashell, which it explicitly trusts. Once a virus affects something, it bypasses the virus and beats the attack.
Stay in touch with Kim:
To hear about InfoSec for Web Developers with Kim Carter, download and listen to the entire episode.
If you’re short on time, here are the highlights of InfoSec for Web Developers with Kim Carter:
Security threat to front-end developers? (1:49)
Social engineering? (8:37)
Things to look out for at the front-end? (14:42)
What is OWASP all about? (18:13)
Tools in using evaluation? (28:56)
Vulnerabilities in captions? (30:30)
Training teams in building a new feature? (33:53)
Aimee: Computer Science Video Courses (GitHub) and Tiny Buddha
Charles: Autonomous Desks
Kim: Summer 25-30 degree days, Vibiemme Domobar Super Lever with Mazzer Mini, Coffee Machine in Gordon, and Christchurch Hacker Conference