Cybersecurity
It's for the web? Yes. It's for applications? Yes. It's for mobile? Yes. It's all code, anywhere, all the time.
But how do I understand how to secure such different codebases and platforms? I've said it before and I'll say it again: OWASP.
They have a compendium of cheat sheets to help you on your path. These are goldmines of direct actions you can take for better security when coding across platforms, toolsets, and languages. I had forgotten how many morsels of immediately accessible techniques each cheat sheet in the series contains.
For instance, session stealing is one of the vectors through which the SolarWinds hack was accomplished. Reduce the window in which a session can be stolen by reducing the session timeout and removing sliding expiration. But how? Here's one .NET example, which makes it concrete:
    ExpireTimeSpan = TimeSpan.FromMinutes(60),
    SlidingExpiration = false
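To see what those two settings change, here is an added example (not from the original post or from OWASP) that models how long a session cookie stays usable with and without sliding expiration. The function name and the request timings are constructed; the renewal rule is the halfway-point behaviour documented for ASP.NET Core's cookie handler, reduced to a simplified model.

```python
# Simplified model of cookie expiry: times are minutes since login.
# Sliding renewal follows the halfway rule documented for ASP.NET Core's
# cookie handler: a request past the midpoint of the window re-issues the cookie.

def usable_until(request_minutes, expire_minutes=60, sliding=False):
    """Return the minute at which the session cookie stops being accepted."""
    issued, expires = 0, expire_minutes
    for t in sorted(request_minutes):
        if t >= expires:
            break  # cookie already expired; request rejected, no renewal
        if sliding and (t - issued) > expire_minutes / 2:
            issued, expires = t, t + expire_minutes  # window slides forward
    return expires


if __name__ == "__main__":
    # Constructed traffic: one request every 40 minutes across 8 hours.
    steady = range(40, 481, 40)
    print("sliding:", usable_until(steady, 60, sliding=True))
    print("fixed:  ", usable_until(steady, 60, sliding=False))
    # Constructed traffic with an 80-minute idle gap.
    print("sliding, idle gap:", usable_until([40, 120], 60, sliding=True))
```

With sliding expiration on, the cookie in this model stays valid for as long as requests keep arriving inside the window; with it off, the cookie stops working 60 minutes after login no matter how it is used.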
OWASP is not just Top-10 lists and the place to find out about the latest things to worry about; it's also a source of immediately actionable, educational information on what to be doing.
I'm aiming to code a little bit smarter and a little bit better every day...