A road with START and FINISH painted on it.

Building better security: Part 1

According to the UK IT Governance blog, 148 million records were breached in December 2020!

As stories of data breaches hit the news each day, many companies are trying to patch the security of their systems as quickly as possible.

That’s a start, but it’s not enough. Security is not a one-time task. It has to be built into your development process, not added on as an afterthought.

Photo of red plastic bag in green grass

Environmentally-friendly XML

There’s a reason you pay for plastic shopping bags. It is to protect the environment. Durable shopping bags can be re-used, and don’t pollute our oceans and landfills.

Re-use is a good thing – and not just for the environment. We know that code re-use is important. And that also applies to data. If we have data that is used in many places, we only want to store it in one place and have one source.

That’s the same principle behind XML external entities (XXE): define a piece of content once, then reference it from wherever it is needed. Unfortunately, the same mechanism is also a well-known security loophole.
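To show what that loophole looks like, and how a parser can refuse it, here is an added example in Python (not code from the original post). Both XML documents are constructed for the illustration, the file path in the entity is just the classic target, and the parser configuration uses only the standard library’s expat binding:

```python
"""Refusing XML external entities at the parser.

Added example, not code from the original post. It uses only the standard
library expat binding; both documents below are constructed for the
illustration, and the file path in the entity is just the classic target.
"""
import xml.parsers.expat

# Constructed malicious document. The DTD defines an external entity whose
# content is read from a local file, and the reference &secret; asks the
# parser to splice that content into the <note> element.
XXE_DOCUMENT = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY secret SYSTEM "file:///etc/hostname">
]>
<order><note>&secret;</note></order>"""

# Constructed benign document: no DTD, so no entities can be declared.
PLAIN_DOCUMENT = b"<order><note>two widgets</note></order>"


class UnsafeXml(ValueError):
    """The document uses a feature this application never needs."""


def extract_text(document: bytes) -> str:
    """Parse the document and return its concatenated character data.

    A DOCTYPE is rejected outright: without one there is no place to declare
    an entity, internal or external, so the whole class of entity attacks is
    closed before it starts. Rejecting external entity references as well is
    a second line of defence in case the first check is ever relaxed.
    """
    parser = xml.parsers.expat.ParserCreate()
    chunks = []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXml(f"DOCTYPE not allowed (root element {name!r})")

    def reject_external_entity(context, base, sysid, pubid):
        raise UnsafeXml(f"external entity {sysid!r} not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = reject_external_entity
    parser.CharacterDataHandler = chunks.append
    parser.Parse(document, True)
    return "".join(chunks)


def is_accepted(document: bytes) -> bool:
    """True if the document parses under the hardened settings."""
    try:
        extract_text(document)
    except UnsafeXml:
        return False
    return True


if __name__ == "__main__":
    print("plain document       :", extract_text(PLAIN_DOCUMENT))
    print("XXE document accepted:", is_accepted(XXE_DOCUMENT))
```

The benign document parses to its text; the malicious one is rejected as soon as the DOCTYPE begins, before the entity is ever declared. Any XML library you use in production has an equivalent switch (disallow DOCTYPE, disable external general and parameter entities), and turning it on is the fix; if your application genuinely needs DTDs, you are left resolving entities yourself against an allowlist.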

Illustration of thief with bag over his shoulder and the word XSS

The X in XSS

I’ve mentioned Cross-Site Scripting, aka XSS, in some of my previous posts. And I’m sure you’ve heard of it as well.

XSS is often categorised as either reflected XSS or stored XSS, and DOM-based XSS was added later. OWASP now categorises XSS as:

  • Client XSS, where JavaScript running in the browser puts untrusted data into the DOM
  • Server XSS, where server-side code puts untrusted data into the HTML response

Both of these can be either reflected or stored, which can make it all a little confusing.
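The following Python example, added here and not taken from the original post, shows the Server XSS half of that picture: the same untrusted search term reflected into two different HTML contexts, and why escaping alone is not enough when an attribute is left unquoted. The payloads and page fragments are constructed; html.escape and html.parser are from the standard library, and the parser stands in for the browser’s tokeniser to show what actually comes out of each fragment:

```python
"""Server XSS and why escaping is context dependent.

Added example, not code from the original post. The two payloads and the
page fragments are constructed; html.escape and html.parser are from the
standard library.
"""
import html
from html.parser import HTMLParser

# Constructed attacker input. The first works in HTML text context, the
# second only in an unquoted attribute, where a space ends the value.
TEXT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = "x onfocus=alert(1) autofocus"


def render_unsafe(search_term: str) -> str:
    """Reflects the query straight into the page: reflected Server XSS."""
    return (f"<p>Results for {search_term}</p>"
            f"<input name=\"q\" value={search_term}>")


def render_escaped_only(search_term: str) -> str:
    """Escapes the value but leaves the attribute unquoted.

    html.escape does not touch spaces, so ATTR_PAYLOAD still breaks out of
    the value and adds an onfocus handler to the input element.
    """
    safe = html.escape(search_term, quote=True)
    return (f"<p>Results for {safe}</p>"
            f"<input name=\"q\" value={safe}>")


def render_safe(search_term: str) -> str:
    """Escapes for the context it writes into and always quotes attributes."""
    safe = html.escape(search_term, quote=True)
    return (f"<p>Results for {safe}</p>"
            f"<input name=\"q\" value=\"{safe}\">")


class SinkInspector(HTMLParser):
    """Tokenises a fragment the way a browser would and records which start
    tags and attribute names actually came out of it."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            self.attrs[name] = value


def inspect(markup: str) -> tuple:
    """Return (start tag names, {attribute name: value}) for the markup."""
    inspector = SinkInspector()
    inspector.feed(markup)
    inspector.close()
    return inspector.tags, inspector.attrs


def executes_script(markup: str) -> bool:
    """True if the fragment yields a script element or an on* handler attribute."""
    tags, attrs = inspect(markup)
    return "script" in tags or any(name.startswith("on") for name in attrs)


if __name__ == "__main__":
    for renderer in (render_unsafe, render_escaped_only, render_safe):
        for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD):
            print(f"{renderer.__name__:20} {payload!r:34} runs script: "
                  f"{executes_script(renderer(payload))}")
```

Only render_safe neutralises both payloads: escaping handles the text context, and quoting the attribute makes the space inside the value harmless. A templating engine with auto-escaping does the first part for you, but it cannot quote an attribute you wrote without quotes, which is why the context matters as much as the escaping.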

Squirrel monkey in a tree eating a cookie

Who stole the cookies?

No, we are not talking about delicious double-chocolate cookies. Although I’ve really missed the fabulous Incus Data cookies during lockdown.

As you know, cookies are small pieces of text, stored as name/value pairs with a few attributes. They are usually created by the web server, but are saved and managed by your browser, which sends them back on later requests.

Cookies can be harmless or incredibly dangerous. It all depends on how you use them.
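Much of “how you use them” comes down to the attributes the server sets on the cookie. As an added example (not code from the original post), here is a small Python audit of a Set-Cookie header value: the two headers are constructed, and parsing uses http.cookies from the standard library, which understands the SameSite attribute from Python 3.8 onwards:

```python
"""Auditing the Set-Cookie header a server sends.

Added example, not code from the original post. The two header values are
constructed; parsing is done with http.cookies from the standard library.
"""
from http.cookies import SimpleCookie

# Constructed headers as a server might emit them for a session cookie.
WEAK_HEADER = "session=8f3a2c9d; Path=/"
HARDENED_HEADER = ("__Host-session=8f3a2c9d; Path=/; Secure; HttpOnly; "
                   "SameSite=Strict")


def audit_set_cookie(header_value: str) -> list:
    """Return a list of findings for one Set-Cookie header value.

    An empty list means the cookie carries the attributes that keep it out
    of reach of script, off plain HTTP and off cross-site requests.
    """
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        # Flags parse as True when present and as "" when absent.
        if not morsel["httponly"]:
            findings.append(
                f"{name}: no HttpOnly, so document.cookie exposes it to XSS")
        if not morsel["secure"]:
            findings.append(
                f"{name}: no Secure, so it is sent over plain HTTP")
        samesite = morsel["samesite"].lower()
        if not samesite:
            findings.append(
                f"{name}: no SameSite, so the browser attaches it to "
                f"cross-site requests")
        elif samesite == "none" and not morsel["secure"]:
            findings.append(
                f"{name}: SameSite=None requires Secure or browsers drop it")
        # The __Host- prefix is only honoured with Secure, Path=/ and no Domain.
        if name.startswith("__Host-") and (
                morsel["path"] != "/" or morsel["domain"]
                or not morsel["secure"]):
            findings.append(
                f"{name}: __Host- prefix requires Secure, Path=/ and no Domain")
    return findings


if __name__ == "__main__":
    for header in (WEAK_HEADER, HARDENED_HEADER):
        print(header)
        for finding in audit_set_cookie(header) or ["  no findings"]:
            print("  " + finding)
```

The weak header produces three findings; the hardened one produces none. The same checks can be run over a captured response in a test suite, so a session cookie that loses its HttpOnly or Secure flag during a refactor fails the build rather than reaching production.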

Carton of eggs with one broken egg

One broken egg…

I believe in code re-use. You believe in code re-use. No-one wants to re-invent the wheel, especially not if there is a really great, aerodynamic, ultra-fast wheel available.

That’s why we use libraries and components. But those libraries and components are not written by super-humans. They are written by people like you and me – people who make mistakes.

Hand holding disinfectant and spraying it

How clean is your data?

You might have heard the term “data sanitisation” applied to devices: we need to permanently remove data from portable storage devices and hard drives before we get rid of them.

But today I want to talk about a different form of data sanitisation: input sanitisation.

The question you need to answer is this:
How clean is the data that you are saving in your application?
