Security Journey's hi/5
Exact Dependencies, Insecure Design, How To Learn Stuff Quickly and more

Update: 2022-02-17
Description

How to Learn Stuff Quickly: https://www.joshwcomeau.com/blog/how-...
Learning how to learn is a crucial skill for the security professional and developer.

Never Update Anything: https://blog.kronis.dev/articles/neve...
"In my eyes, it could be pretty nice to have a framework version that's supported for 10-20 years and is so stable that it can be used with little to no changes for the entire expected lifetime of a system."

Bridges fall down due to insecure design - make sure your web applications don't: https://www.securityjourney.com/post/...
This principle also applies to web applications, which is why the new #4 on the OWASP Top 10 2021 list is Insecure Design.

Pin exact dependency versions: https://betterdev.blog/pin-exact-depe...
Use a dependency manager that creates a lock file, and commit that file to the repository. Even then, pin your dependencies - explicitly specify their exact versions.

Financial services need to prioritize API security to protect their customers: https://www.helpnetsecurity.com/2021/...
Given this growing trend, Knight focused her vulnerability research on the financial services and FinTech companies and was able to access 55 banks through their APIs, giving her the ability to change customers' PIN codes and move money in and out of customers' accounts.

Security Journey