A road with START and FINISH painted on it.

Building better security: Part 1

According to the UK IT Governance blog, 148 million records were breached in December 2020!

As stories of data breaches hit the news each day, many companies are trying to patch the security of their systems as quickly as possible.

That’s a start, but it’s not enough. Security is not a one-time task. It has to be built into your development process, not added on as an after-thought.

Continue reading
Photo of red plastic bag in green grass

Environmentally-friendly XML

There’s a reason you pay for plastic shopping bags. It is to protect the environment. Durable shopping bags can be re-used, and don’t pollute our oceans and landfills.

Re-use is a good thing – and not just for the environment. We know that code re-use is important. And that also applies to data. If we have data that is used in many places, we only want to store it in one place and have one source.

That’s the same principle behind XML external entities (XEE). Unfortunately, there’s a potential security loop hole.

Continue reading
Illustration of thief with bag over his shoulder and the word XSS

The X in XSS

I’ve mentioned Cross-Site Scripting, aka XSS, in some of my previous posts. And I’m sure you’ve heard of it as well.

XSS is often categorised as either reflected XSS or stored XSS. And then DOM-based XSS was added. OWASP now categorises XSS as:

  • Client XSS
  • Server XSS

Both of these can be either reflected or stored, which can make it all a little confusing.

Continue reading