Articles By Justin Boyer

Is Your Security Team an Enabler or a Disabler?

What is the purpose of sending your children to school? Apart from compliance with truancy laws, you want your children to learn what is required to become productive members of society. Challenges will come up in this process. It's how you meet these challenges that has a large impact on [Read more...]

By Justin Boyer | January 22nd, 2019

The Difference Between Being Compliant and Being Effective: How to Train Developers Without Getting in the Way

Compliance is about measurement. You measure your effectiveness against a standard so you can later present those measurements to a third party as proof of your compliance. One common measurement for companies requiring PCI compliance is security training. PCI Requirement 6.5 (PDF link) states that companies holding cardholder data must [Read more...]

By Justin Boyer | December 10th, 2018

The Great Escape: Avoiding XSS in Angular Templates

You're not likely to find a web application that doesn't use a sophisticated front-end framework like Angular. One of the selling points of front-end frameworks like Angular has been their best effort to prevent Cross-site Scripting (XSS) by escaping characters that could be interpreted as code. These efforts are commendable, [Read more...]

By Justin Boyer | November 26th, 2018

Security Training’s Place in a Secure SDLC

The software development life cycle (SDLC) is a common sight to those who work on software projects. Whether you're a developer or a security engineer or even a project manager or QA tester, you know all of the pieces by heart. You begin by creating requirements so you know what [Read more...]

By Justin Boyer | October 31st, 2018

5 Reasons Your App is Insecure

I'll let you in on a little secret. Most hacks are boring. They aren't the crazy, complicated "Ocean's Eleven" style plan within a plan hacks you might see on TV or in the movies. To most people, actually hacking a website would be pretty boring. There are pieces of software [Read more...]

By Justin Boyer | October 8th, 2018

Zero to Hashing in Under 10 Minutes: Argon2 in Nodejs

View a screencast walkthrough of the material in this post here. Those who work with the Agile methodology expect change. The security field is no different. It's hard for developers to keep up with all of the changes in application security practices. In fact, it's sometimes difficult for security experts [Read more...]

By Justin Boyer | September 20th, 2018