Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.07.19

Demystifying Secure Database Development Myths (Application and Cybersecurity Blog, Jun 13 2017)
There is a set of best practices that can be used to build security into applications that use databases to send, retrieve, and store data, including appropriate input validation and the use of prepared statements. You can also increase database security by suppressing database error messages, reducing the attack surface of the database application, using the least privilege principle to deploy databases, and employing defense in depth – not to mention keeping the database system up‐to‐date with software patches….

JSON API’s Are Automatically Protected Against CSRF, And Google Almost Took It Away. (GitHub dxa4481/CORS (Dylan Ayrey), Jul 10 2017)
CORS outlines the policy which defines how a user visiting one origin can make requests to other origins and view the response to those requests. This policy is what defends against one origin stealing another origin’s data. It prevents Facebook from being able to steal your Gmail contents….

How Do the Mega-Vendors’ Cloud Strategies Compare – Update (Gartner Blog, Jul 14 2017)
Back in April I started to compare the mega-vendors’ revenues and strategies related to how cloud changes everything. With Oracle’s Q4 2017 out of the way, I thought I would……

Unix: How random is random? (Network World Security, Jul 17 2017)
On Unix systems, random numbers are generated in a number of ways and random data can serve many purposes. From simple commands to fairly complex processes, the question “How random is random?” is worth asking.
EZ random numbers
If all you need is a casual list of random numbers, the RANDOM variable is an easy choice……
