Category Archives: Development

Discover the OWASP Cheat Sheets for improving security in applications

OWASP has started building a library of cheat sheets, information that summarizes a lot of the knowledge around managing, reviewing, building and testing software and services.

No doubt you as a developer, or the development organization you work with, already know about OWASP, the top-10 list and the coding guidelines. OWASP also provides the Cheat Sheet series: high-value information on specific topics, written by security professionals who have expertise in these topics.

Cheat Sheets for your QA and Requirements

The Web Application Security Testing Cheat Sheet, currently published as a draft, gives QA hints on how to approach initial high-level security testing of a service. Among other things, it lists a number of injection attacks; there are of course more, but the list gives the tester a basis for setting up a test plan. The Authentication Cheat Sheet is great for helping a product manager or architect find requirements for how users log in to the service.

References

[1] https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
[2] https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
[3] https://www.owasp.org/index.php/Authentication_Cheat_Sheet

Rickard Schoultz
I work at Digital River World Payments as the Principal Architect, but all views are my own. I write about technologies related to payments, security, network infrastructure and information management.

Developer MacBook setup

I recently got myself a MacBook Pro, using it both for working when at home and, primarily, for my side projects. These are the tools I am using for that. It is not an exhaustive list, as most of the work is done in Linux, either remotely or virtualized on the machine, and there are quite a few online services that I use as well. However, this may help someone get started when switching to Mac OS X.

Java Development

Mobile Development

  • Install XCode for iOS development projects.
  • Install Android Studio for all things Android.
  • Install Unity.

Modeling

  • Install Modelio for systems design.
  • Install OmniGraffle.
  • Install Microsoft Visio. This is comparably expensive, but is needed for several projects.

General Development

  • Use Emacs for mostly everything.
  • Install Sublime for occasional web development.
  • Install iTerm to replace the terminal.
  • Install Brew, a Mac OS X package manager.
  • Install Bower, for web development.
  • Install NodeJS.
  • Install Yarn.
  • Install Grunt.
  • Install Microsoft Remote Desktop.
  • Install Chrome.
  • Install Firefox.
  • Install Oracle VirtualBox.
  • Install Vagrant.
  • Install Docker.
  • Install Kubernetes.
  • Install Keka, a free Mac file archiver.
  • Install Git.
  • Install SourceTree from Atlassian.
  • Install zsh – highly customizable command shell.
  • Install MenuMeters

Utilities

  • Install Scroll Reverser 2 (Karabiner does not work with macOS Sierra)
  • Install keybase.io
  • Install OVPN
  • Install SpectacleApp for window management.
  • Install Airdroid for file transfers locally
  • Install Greenshot – a better screen clipper
  • Get USB Overdrive for support of mouse buttons…

Other development related

  • Setup bash completion
  • Install Licecap. Screen to animated GIF.
  • Install Adobe Creative Cloud.

Chrome plugins

  • Install Postman. A very good REST API development tool.
  • Install Ghostery. Know what they know about you.
  • Install getpocket. Save stuff to read later.
  • Install LastPass. Keep track of your secrets.
  • Install Evernote clipper.
  • Install Tampermonkey when you need that extra functionality on someone else’s website.
  • Install OneTab to close all tabs while keeping track of them for later.
  • Install The Great Suspender to save memory even though you cannot let go of browser tabs.

Looking at my local Network

  • Install Wireshark
  • Install PacketPeeper

On Virtual Machines

Using Vagrant/VirtualBox:

  • Install CentOS
  • Depending on the project at hand, set up the instance with what is needed (Cassandra, Hadoop, Zabbix etc).

Other things that I use the MacBook for

  • Install HandyLock
  • Install Little Snitch
  • Install Spotify.
  • Install Sonos for the speakers.
  • Install Dropbox
  • Install Google Drive
  • Install Microsoft OneNote
  • Install Microsoft Office.

 
