Localhost Podcast
Author: Localhost Podcast
© Localhost Podcast
Description
Hello from the Internet!
This is your guide to the various aspects of the lovely world of web development.
Every month we shall get together, and discuss an aspect of web development. We will unwrap the subject using questions sent by YOU the listener.
You can contact us via the twitter on @localhostfm or email your questions to show@localhost.fm
Mark Drew and Rob Dudley are stepping up to the challenge to answer these questions for you.
32 Episodes
Hello from the internet!
In this episode we welcome back Rob and don our black hats to take a look at the world of hacking.
Enjoy the show!
Hello from the internet!
In this episode we speak to Dylan Schiemann about more things Javascript.
Enjoy the show!
Hello from the internet!
In this episode we speak to Chris Ferdinandi about all things Javascript
Enjoy the show!
Hello from the internet!
In this episode we continue our exploration of identity, security and authorisation on the web...
Enjoy the show!
Hello from the Internet!
In this episode we discuss all that is web authentication and how we got here from the pre-cookie days of the internet!
From Basic, to Form to Auth0 and WebAuthN we look at the different ways we can get into websites (legally of course!)
Enjoy the show!
Hello from the internet!
In this special edition podcast we are coming to you live from cfcamp for the yearly (or so it seems!) CodeMasters Quiz!
We recorded a whole show and you can now watch it over at https://localhost.fm/codemasters2018
Enjoy the show!
022 - Payment Providers by Mark Drew and Rob Dudley
Hello from the Internet!
We are back with a whole new season of the Localhost Podcast! In this episode we go over what changes we have planned!
Enjoy the show!
Hello from the internet!
In this special edition of the Localhost Podcast, we are live at the end of the awesome CFCamp Conference in Munich, Germany, pondering and doing a retrospective about all the topics covered!
It was a blast! Come join the fun!
Hello from the Internet!
In this episode, we expand our discussion to the world of hackathons and Game Jams!
Enjoy the episode!
Hello from the internet!
In this episode we go retro and look at the origins of JavaScript and how it has become so ubiquitous in the development of the web.
Enjoy the episode!
Hello from the internet!
In this episode, we continue our walk in the badlands of development as we review the seemingly impossible task of securing our applications.
Enjoy the episode!
Hello from the internet!
In this episode we will be talking to a very special guest! Steve Streeting! If you are into source control, this episode is for you.
Enjoy the episode!
Hello from the Internet!
In this episode we count down the OWASP Top 10 and explore the implications of each of the issues that we should be looking at in securing our applications.
Enjoy the show!
## Show Notes
- [OWASP](https://www.owasp.org/index.php/Main_Page)
- [OWASP TOP 10 for 2017](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf)
### 10. Logs
- Insufficient Logging and Monitoring - https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring
- Graylog - https://www.graylog.org/
- Logstash (ELK) - https://www.elastic.co/elk-stack
### 09. Components
- https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities
- Safety - Python - https://pyup.io/safety/
- Ruby - http://guides.rubygems.org/security/
- Node - Node Security - https://github.com/nodesecurity/nsp
### 08. Deserialization
- https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization
### 07. XSS
- https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)
### 06. Security Misconfiguration
- https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration
- How to harden a Linux server:
  - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf
  - https://medium.com/viithiisys/10-steps-to-secure-linux-server-for-production-environment-a135109a57c5
  - https://www.cyberciti.biz/tips/linux-security.html
### 05. Broken Access Control
- https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control
- Firesheep - https://codebutler.com/projects/firesheep/
### 04. XML External Entities
- https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)
- Billion Laughs Attack - https://en.wikipedia.org/wiki/Billion_laughs_attack
### 03. Sensitive Data Exposure
- https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure
- PCI DSS - https://www.pcisecuritystandards.org/pci_security/
- GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
- Password Hashing - https://crackstation.net/hashing-security.htm
- Best practice for SSL + TLS:
  - https://www.ssllabs.com/ssltest/
  - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- Let’s Encrypt - https://letsencrypt.org/
- CipherList - Strong config for Apache / Nginx https://cipherli.st/
### 02. Broken Authentication
- https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication
- Horse staple - https://xkcd.com/936/
- NIST - https://www.passwordping.com/surprising-new-password-guidelines-nist/
- Rainbow tables - http://project-rainbowcrack.com/table.htm
- Google 2FA
- Authy - https://authy.com/
- Duo - https://duo.com/
### 01. Injection
- https://www.owasp.org/index.php/Top_10-2017_A1-Injection
- Bobby Tables - https://xkcd.com/327/
- Misc:
  - Nessus - https://www.tenable.com/products/nessus/nessus-professional
  - OpenVAS - http://www.openvas.org/
  - Zed Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
  - zxcvbn: realistic password strength estimation - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/
  - Be afraid, be very afraid - https://attack.mitre.org/wiki/Main_Page
Hello from the internet!
In this episode we have the pleasure of talking with Docker Captain Bret Fisher and with Grant Shepert about Docker, how it is used and the upcoming MuraCon Conference!
Enjoy the show!
Hello from the internet!
In this episode Rob and Mark discuss the use of Version Control and where it comes from, what are the best tactics and where we are going with it!
Enjoy the show!
Hello from the internet!
In this episode Rob and Mark explore the vast landscape of the "noSQL" category of software. Not Only SQL might not be the best name but we try to get a better handle on what it is.
Enjoy the show!
Hello from the internet!
In this episode Rob and Mark take a brief look back at Season 1 and what we managed to cover. We then take a sneak peek into what we will be talking about in this year's Season 2.
Give us feedback on http://bit.ly/localhostfeedback
Hello from the Internet!
In this episode we explore the idea of the "twelve factor application", which allows you to deploy scalable applications or software-as-a-service type systems.
Hello from the Internet!
In this episode we discuss and explore the technical debt that can get stored in our projects.
We go over what technical debt is, how it happens, and what we can do to mitigate it!