059 RR – Security with Rein Henrichs

    02:04 – Ruby on Ales

    04:09 – Don't Underestimate the Risks of Being Hacked

    • Loss of Revenue
    • Legal Liability
    • Loss of Reputation

    04:40 – Secure Sockets Layer Certificate (SSL)

    • Think Like a Hacker

    05:58 – Security Is a Practice, Not a Product

    06:20 – RailsCasts on Session Hijacking

    07:20 – Firesheep

    09:00 – Storing Passwords

    09:53 – Avoid the SQL Injection Vulnerability

    10:16 – Rails vs Sinatra

    12:56 – CSRF Tokens

    14:30 – Make a List of the Inputs Into Your System

    • URL Bar
    • Forms
    • APIs
    • Containment
    • LinkedIn Incident

    17:14 – Big Red Button

    18:49 – League of Legends compromise & Last.fm compromise

    20:43 – scrypt

    22:03 – Password Strength Meters

    23:48 – What To Do When You're Hacked:

    • Take the Affected Systems Offline
    • Keep the Affected Systems Around for Forensic Analysis
    • Fix the Problem, Deploy, Nuke

    26:08 – Disclose As Soon As You Know You Are Hacked

    27:18 – Don't Try to Hide Things

    • Get Second Opinions

    28:41 – You Are NOT the Victim. Your Users Are the Victims

    29:10 – Amazon Network Outage Write-up

    31:39 – Brute Forcing is a Numbers Game

    • Exponential Decay
    • Maximum Failure Lockout

    34:58 – SQL Injection

    35:50 – Metasploit

    37:34 – Professional Penetration Testing

    39:33 – GitHub Public Key Vulnerability Commit

    46:25 – Protect Your Users and Protect Yourself

    47:25 – Engineering Failures vs Culture Failures

    Book Club

    We're reading Growing Object-Oriented Software, Guided by Tests for the book club. We'll be reviewing it sometime in August.