I’m very happy and proud to share that the Open Web Application Security Project (OWASP) Web Security Testing Guide v4.2 is now available! This update is the result of a lot of hard work by the repository team and many dedicated contributors. With a team like this, I’m honored to be a core maintainer and co-author.
Here’s a reprint of the announcement I wrote for owasp.org. If you’re interested in security testing for web applications and APIs, this is an update you’ll definitely want to check out!
You can become a contributor yourself by joining us on GitHub!
The OWASP Web Security Testing Guide team is proud to announce version 4.2 of the Web Security Testing Guide (WSTG)! In keeping with a continuous delivery mindset, this new minor version adds content as well as improves the existing tests. …
If you happen to visit my website, you may notice I’ve spruced it up a bit. Victoria.dev can now better respond to your devices and preferences!
The prefers-color-scheme media feature can be queried to serve up your user’s color scheme of choice. The light option is the go-to version if no active preference is set, and it has decent support across modern browsers.
Additionally, users reading on certain devices can also set light and dark color themes based on a schedule. For example, my phone uses light colors throughout its UI during the daytime and dark colors at night. …
Here’s how I lovingly built a subscription signup flow with email confirmation that doesn’t suck. You can too.
If you’re interested in managing your own mailing list or newsletter, you can set up Simple Subscribe on your own AWS resources to collect email addresses. This open source API is written in Go and runs on AWS Lambda. Visitors to your site can sign up to your list, which is stored in a DynamoDB table and ready to be queried or exported at your leisure.
When someone signs up, they’ll receive an email asking them to confirm their subscription. This is sometimes called “double opt-in,” although I prefer the term “verified.” Simple Subscribe works on serverless infrastructure and uses an AWS Lambda to handle subscription, confirmation, and unsubscribe requests. …
Setting up new Wi-Fi? Picking the type of password you need can seem like an arbitrary choice. After all, WEP, WPA, WPA2, and WPA3 all have mostly the same letters in them. A password is a password, so what’s the difference?
About 60 seconds to billions of years, as it turns out.
All Wi-Fi encryption is not created equal. Let’s explore what makes these four acronyms so different, and how you can best protect your home and organization Wi-Fi.
In the beginning, there was WEP.
Readers of my blog typically know more about technology and cybersecurity than most people. This article is for most people. If someone you know could benefit from a simple and straightforward cybersecurity starter pack, please share this article with them — it benefits everyone!
My articles are evergreen, but this note is not. If you’re reading this, it means you can still get 3 extra months free with ExpressVPN for Black Friday.
If you’ve ever said to yourself:
“There’s no one targeting lil ol’ me.”
“I have nothing to hide, anyway.”
“I’m too busy to learn all this stuff. Why can’t someone just give me a simple summary of best practices that I can skim in approximately seven minutes?” …
Most people know that a VPN is meant to protect your privacy on public or open Wi-Fi. A lesser-known purpose is to protect your privacy right in your own home, from your own internet service provider (ISP).
A set of Federal Communications Commission (FCC) rules entitled “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” were unfortunately struck down in 2017. These rules would have prevented ISPs from using and selling your sensitive personal data, such as precise geographic location, health and financial information, web browsing history, and even the content of the messages you send.
I’m not comfortable having that data stored anywhere. Handing it over to my ISP makes me even less comfortable, since these treasure troves of sensitive personal data are a frequent and profitable target for ill-intentioned hackers as well. …
If you regard writing tests as a lame checkbox task, nothing could be farther from the truth. Done correctly, tests are one of your application’s most valuable assets.
The Django framework, in particular, offers your team the opportunity to create an efficient testing practice based on the Python standard library unittest. Proper tests in Django are fast to write, faster to run, and can offer you a seamless continuous integration solution for taking the pulse of your developing application.
With comprehensive tests, developers have higher confidence when pushing changes. I’ve seen firsthand in my own teams that good tests can boost development velocity as a direct result of a better developer experience. …
Do you want your team to enjoy your development workflow? Do you think building software should be fun and existentially fulfilling? If so, this is the article for you!
I’ve been developing with Django for years, and I’ve never been happier with my Django project setup than I am right now. Here’s how I’m making a day of developing with Django the most relaxing and enjoyable experience possible for myself and my engineering team.
Instead of typing:
python3 -m venv env
pip install -r requirements.txt
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py collectstatic
python3 manage.py runserver
Wouldn’t it be much nicer to type make start and have all that happen for you? I think so! We can do that with a self-documenting Makefile! Here’s one I frequently use when developing my Django applications, like…
Growing, successful applications are a lovely problem to have. As a product develops, it tends to accumulate complications the way your weekend cake project accumulates layers of frosting. Thankfully Django, my favorite batteries-included framework, handles complexity pretty well.
Django models help humans work with data in a way that makes sense to our brains, and the framework offers plenty of classes you can inherit to help you rapidly develop a robust application from scratch. As for developing on existing Django applications, there’s a feature for that, too. …
If you want to have a confidential conversation with someone you know, you might meet up in person and find a private place to talk. If you want to send data confidentially over the internet, you might have a few more considerations to cover.
TLS, or Transport Layer Security, refers to a protocol. “Protocol” is a word that more or less means “the way we’ve agreed to do things around here.” The “transport layer” part of TLS simply refers to host-to-host communication, such as how a client and a server interact, in the Internet protocol suite model.
The TLS protocol attempts to solve these fundamental…