Weekly developer news – November 24th 2017

So, welcome to the 9th edition of developer news!

Apologies for this week’s news being a couple of days late, but here it is now:

1 : Troy Hunt on data breaches

In this first item, Microsoft MVP Troy Hunt shares an article describing how he is testifying in front of Congress on the impact of data breaches. It seems that data breaches, or at least the news coverage of them, are becoming increasingly common.

The article provides a good overview of the impact of data breaches. There is also a good follow-up discussion of it on Hacker News and Reddit.

2: Linus Torvalds

Another security-related item, this time Linus Torvalds voicing his opinion of security engineers and of approaches to managing security flaws, on the Linux kernel mailing list. As ever, he is very vocal about his opinions, and they certainly provoke a lot of reaction from around the web. This does serve to open up a lot of discussion about what we should be doing as software engineers to avoid security issues, and how to react responsibly when they are found.

See his comments here, and an example of some of the resulting discussions here and here.

3 : 77% of sites use vulnerable JS libraries

Sticking with the security theme for this week is a report presenting an analysis of more than 400,000 websites, which found that 77% of them were using JavaScript libraries with known security vulnerabilities.

It is a good reminder that even once our code is delivered and running in production, it needs ongoing maintenance: checking for updated versions of the packages we depend on, including the transitive ones, and picking up the releases that contain important security fixes.

See details on the report here.
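To make that reminder concrete, here is an added example (not code from the original post or from the report it links to) of the check a build pipeline can run: walk a package-lock style dependency tree and flag every copy of a package whose installed version falls inside a known-vulnerable range, including copies nested under other dependencies. The package names, versions and advisory ids are constructed for illustration; a real check would take its ranges from an advisory feed rather than the inline list.

```javascript
// Added example, not code from the original post or the report it cites.
// Walks a constructed package-lock style dependency tree and flags any package
// whose installed version falls in a constructed advisory's vulnerable range
// [introduced, fixedIn). Package names and advisory ids are made up for
// illustration; a real check would pull ranges from an advisory feed.

// Parse "MAJOR.MINOR.PATCH". A leading "v" is accepted and any pre-release
// suffix is ignored (this deliberately does not implement full semver ordering).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison returning -1, 0 or 1. A plain string comparison would
// wrongly rank "1.10.0" below "1.9.0".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// A version is affected when introduced <= version < fixedIn.
function isAffected(version, advisory) {
  return compareVersions(version, advisory.introduced) >= 0 &&
         compareVersions(version, advisory.fixedIn) < 0;
}

// Recursively walk a lock tree shaped like
// { dependencies: { name: { version, dependencies: {...} } } }
// so a vulnerable copy nested under another package is reported with its path,
// even when the top-level copy of the same package is already patched.
function findVulnerable(tree, advisories, path = [], findings = []) {
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    for (const adv of advisories) {
      if (adv.name === name && isAffected(info.version, adv)) {
        findings.push({
          path: here.join(" > "),
          version: info.version,
          advisory: adv.id,
          fixedIn: adv.fixedIn,
        });
      }
    }
    findVulnerable(info, advisories, here, findings);
  }
  return findings;
}

// Constructed advisory list (hypothetical packages and ids).
const ADVISORIES = [
  { id: "ADV-0001", name: "acme-dom-helpers", introduced: "1.0.0", fixedIn: "1.1.0" },
  { id: "ADV-0002", name: "acme-markdown",    introduced: "0.0.0", fixedIn: "1.0.0" },
  { id: "ADV-0003", name: "acme-carousel",    introduced: "2.0.0", fixedIn: "2.3.0" },
];

// Constructed lock tree: the top-level acme-dom-helpers is patched, but
// acme-carousel still pins a vulnerable copy underneath it.
const LOCK = {
  dependencies: {
    "acme-carousel": {
      version: "2.3.1",
      dependencies: { "acme-dom-helpers": { version: "1.0.4" } },
    },
    "acme-dom-helpers": { version: "1.2.0" },
    "acme-markdown": { version: "0.9.9" },
  },
};

const findings = findVulnerable(LOCK, ADVISORIES);
for (const f of findings) {
  console.log(`${f.path}@${f.version}: ${f.advisory}, fixed in ${f.fixedIn}`);
}
```

Run against the constructed tree it reports two findings: the nested acme-dom-helpers 1.0.4 under acme-carousel (the top-level 1.2.0 is clean) and acme-markdown 0.9.9. The nested case is the one a quick look at package.json misses, which is why the walk has to descend the whole tree rather than only the direct dependencies.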

4 : New OWASP Top 10

OWASP has just released the new edition of its Top 10. If you haven't come across it, it is a widely used and thorough analysis of the ten most critical web application security risks.

This updated version describes the current state of those risks and compares it with the previous edition.

Basically, if you are writing any publicly reachable web application, you need to read this guide and follow the recommendations within it.

5 : From Markdown to remote code execution

To conclude this week, and its security theme, we have an illustrated walkthrough of what exploiting security vulnerabilities can look like in practice.

The article takes a step-by-step approach, walking through vulnerabilities in the Atom text editor and showing how an issue in Markdown handling can be chained into remote code execution.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.
