So, welcome to the 9th edition of developer news!
Apologies for this week’s news being a couple of days late, but here it is now:
1 : Troy Hunt on data breaches
In this first item, Microsoft MVP Troy Hunt shares an article describing how he is testifying in front of Congress on the impact of data breaches. It seems that data breaches, or at least the news covering them, are becoming increasingly common.
2 : Linus Torvalds
Another security-related item, this time with Linus Torvalds voicing his opinion on security engineers and on approaches to managing security flaws, on the Linux kernel mailing list. As ever, he is very vocal about his opinions, and certainly provokes a lot of reaction from around the web. This does serve to open up a lot of discussion about what we should be doing as software engineers to avoid security issues and react responsibly.
3 : 77% of sites use vulnerable JS libraries
It is a good reminder that even once our code is delivered and running in production, we should stay on top of ongoing maintenance, such as looking for updated packages that contain important security fixes.
See details on the report here.
4 : New OWASP Top 10
OWASP have just released their new top 10 application security vulnerability analysis. If you haven’t heard of their publications, they are a popular and thorough analysis of the top 10 most critical web application security risks.
This updated version shows the current state of security risks and compares it with their earlier publication.
Basically, if you are writing any publicly visible web application, you need to read this guide and the recommendations within.
5 : From Markdown to remote code execution
To conclude this week, and the security-related theme, we have an illustrated walkthrough of what exploiting security vulnerabilities can look like.
This article takes a step-by-step approach, walking through vulnerabilities in the Atom text editor and showing how you can go from an issue in Markdown handling to remote code execution.
So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.