Profile picture
Ben Owen @_benjaminowen
, 6 tweets, 1 min read Read on Twitter
First up today is @fransrosen on Attacking Modern Web Technologies. #NDCOslo
AppCache can be exploited to redirect users to malicious content.
Service Workers are also a potential attack vector, though there are more limitations.
Allowing direct uploads to S3 buckets (and similar) secured by Upload Policies is easy to accidentally make insecure.
For example, omitting the key prefix from the policy allows the user to overwrite any file in the bucket. This could even be used to set up an attack using Service Workers.
Be careful about sending signed bucket URLs back to the client. These need to be validated to make sure users are not able to overwrite or read files that they shouldn't be able to access.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Ben Owen
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#NDCOslo

More from @_benjaminowen see all

Profile picture
Time for another @richcampbell talk already - this time on the history of .NET. #NDCOslo
Just realised that I've actually seen Richard deliver an earlier version of this talk at @ADNUGUK. Quite happy to listen again though!
Microsoft was originally a programming language company, not an OS company.
Read 9 tweets
Profile picture
Last session of the day at #ndcoslo - "Code phonology" by @Felienne.
Programmers are immersed in programming like fish in water - are they the best people to articulate what programming is?
Spreadsheets are functional programming - except so intuitive that people don't realise they are programing.
Read 6 tweets
Profile picture
.@adamralph giving a practical guide on finding service boundaries. Hoping this ties up earlier sessions on DDD, architecture and technical debt. #ndcoslo
Systems tend towards the Big Ball Of Mud architecture due to entropy.
This is often the gradual accretion of small, innocuous changes over a long period of time.
Read 16 tweets

Related threads

Profile picture
Who wants a year-in-review of the Nazis I doxed in 2018?
I'm not going to present these in any particular order, but I'll save the best for last.

First up, we have Shane Duffy, from the Chicago area.

Shane is a neo-Nazi and a former member of the Traditionalist Workers Party. He's noteworthy because he is one of the several people who openly discussed running down protesters in the Charlottesville planning Discord. He went by the name AltCelt.
Read 21 tweets
Profile picture
MAY: Anything in the morning papers?
LIDINGTON: Rees-Mogg says the ERG have almost got enough letters in
MAY: Ha! He said that on Friday too. Have you ever been to an ERG meeting?
LIDINGTON: God no
MAY: It's like someone injected liquefied YouTube comments into some ham
<At the ERG>

FIELD: ...And that's why Doctor Who should go back to being a man
REES-MOGG: Thank you Mark. Most enlightening. Next up Christopher Chope
CHOPE: It's time we had International Men's Day...
GOVE: ThErE aLReadY is OnE
CHOPE: Sorry what?
GOVE: nO ReALLY. iT's toDaY
GOVE: InTERNatIONal MeN'S dAY iS tODay
CHOPE: Must be new!
GOVE: iT's BEen ArOuND siNCE 1992
REES-MOGG: Good work all! Definitely new!
GOVE: iS mY HuMAn vOICE nOt wORKing? I sAId 1992
REES-MOGG: Well this is a bloody big victory for ERG political pressure!
GOVE: iS ThIS ThINg oN?
Read 19 tweets
Profile picture
Today, the @TXSBOE will hear public testimony on eliminating Helen Keller, Hillary Clinton and dozens of other people from the state's history curriculum.

Follow me for live tweets from the debate and read this for background: dallasnews.com/news/education… #txlege #txed
@TXSBOE And we're off!

The @TXSBOE has gaveled in. Chair Bahorich says live stream is down, so I'm glad I'm here in person!

First up today is public testimony on the changes to the social studies curriculum. 35 people have signed up to speak. #txlege #txed
@TXSBOE Some curriculum changes have gotten more attention than others.

Yes, Helen Keller and Hillary Clinton (both recommended, not required, to be taught) are on the chopping block.

But there are DOZENS of other proposed changes too.

dallasnews.com/news/education… #txlege
Read 87 tweets
Profile picture
Let's have our weekly #GlobalEChats and discuss the topic of #foodtech #delivery.

As #food is a necessity, it is natural that #entrepreneurs are lured into venturing in the F&B business. What more with #IR40, we often think of taking business one step ahead: by involving tech!
Now let's break this down into two types of niche within #fooddelivery and #fnb industry.

1. You own the restaurant and you are providing an additional delivery #service.

2. You don't own any restaurant and you are merely the delivery service.

The two are very different!
To help put points into perspective:

#1 is a classic example of pizza stores such as @DominosMY. Any #eatery can set up its own delivery system.

#2 is a rather new invention. Such examples would be @foodpanda_my and @GrabMY's GrabFood service!
Read 13 tweets
Profile picture
Dear @KamalaHarris and @SenFeinstein:

It is critical that you pass Senator Ron Wyden’s PAVE Act, which requires that states give all voters the option to mark their ballots by HAND and that they conduct Risk Limiting Audits for federal races. Thread. 1/
Although the PAVE Act has a 2020 effective date, the hand marked ballot clause must be accelerated to 2018. This CAN be done bc even most paperless counties already have scanners (for absentees), which can be used to count paper ballots in the midterms. 2/ usatoday.com/story/opinion/…
Relying on Touchscreens is too risky bc voters will be unable to vote if there is a widespread failure and an insufficient number of paper backup ballots at the polls. 3/ votetrust.verifiedvoting.org/index.php?opti…
Read 8 tweets
Profile picture
#Today's story to #EndFamilySeparation Four months ago, Dad and 4-month-old entered at the Texas/Mexico border and requested #asylum. Dad and child were immediately separated and the baby put in ORR custody. #FamiliesBelongTogether
Dad was detained in a #Texas detention center where @RAICESTEXAS consulted. Dad accepted a deportation to be quickly reunited w/ his infant child. However, the Dad was deported & NOT his child. The now 8-month-old baby has been in ORR custody for 4 months. #EndFamilySeparation
The Mom and Dad now have once weekly Skype calls with their 8-month-old baby. That's right, folks. They Skype with an infant. #EndFamilySeparation #FamiliesBelongTogether
Read 7 tweets

Trending hashtags

#Today #FLY #DirectorsCut #AWSreInvent #smarcities #OnAssignment #NBERday #InternetBillofRights #USMC #foodtech #TheResistance #2018MMM #GlobalEChats #WASP #betterfuture #PopCAANZ18 #president #ideals #whoa #txege #EyesOpen #saywhat #Vegas #smarticities #factories

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!