Profile picture
Ben Owen
@_benjaminowen
, 9 tweets, 1 min read Read on Twitter
A slightly different security talk from @KatyAnton next. #NDCOslo
Argh. I took loads of notes but the Twitter app crashed and I lost them :( From memory and in no particular order:
Use OWASP lists
Encapsulate third party libraries
Prevention is better than mitigation
Log exceptions, e.g. high rates of authentication failure, server-side validation failures where client-side validation should have caught the issue
A single security control (e.g. input / output encoding) may address multiple vulnerabilities
Injection attacks are still the most prevalent
Use parameterization to separate commands and data
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Ben Owen
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#NDCOslo

More from @_benjaminowen see all

Profile picture
Ben Owen
@_benjaminowen
My last session for #NDCOslo 2019 will be "Everything is Cyber-broken 2" by @troyhunt and @Scott_Helme. I missed their talk last year due to flight timings so I'm excited to finally see it!
Check out securityheaders.io, Report URI
Let's Encrypt is challenging traditional CAs
Read 7 tweets
Profile picture
Ben Owen
@_benjaminowen
Interested to hear "war stories from .NET team" by @ziki_cz. #ndcoslo
Debugging hardware errors is difficult. Always check whether a bug can be reproduced on more than one machine
Some bugs just aren't worth fixing
Read 8 tweets
Profile picture
Ben Owen
@_benjaminowen
Now it's time for "The visible developer: why you shouldn't blend in" by @quorralyne. #NDCOslo
Distill your bio down to key points
Talking yourself down makes others awkward. Be positive
Read 25 tweets

Related threads

Profile picture
Faceless Women For Popehat
@Women4Popehat
1/
Judge: Mr. Avenatti this Court will be appointing counsel for you.

Avenatti: Who?

The instrumental theme of @LRCkcrw ATPL plays louder and louder

Judge: I’ll appoint Ken White

Avenatti: But he’s a nobody! Everybody calls me and tells me so!
2/
Meanwhile somewhere in the greater LA, @Popehat is giddy in anticipation of the funnel cake he is about to order from the food truck.
Suddenly, Ken is struck by a sharp, stabbing pain behind his ey that will not relent causing him to return to his office without funnel cake.
3/ As our hero returns to his office to sit in the dark. He is informed that he has a call.

Judge: Ken, I have appointed you as counsel for Mr. Avenatti.

@Popehat: But your honor, that’s not a good—

Judge: I DONT CARE! ITS YOUR TURN!
Read 12 tweets
Profile picture
Richard James
@RichJamesBits
I have reached a whole new level of #PISSEDOFF.

I didnt think such a #dark and #scary state, or level, could be reached. It may top 12-14-17's causation. It's. That. Bad. So, I've prepared a statement...

docs.google.com/document/d/1_J…

#PascoSheriff #HaveYouAllNoShame @CigarCityBeer
Dear @FBI,
I must implore you ask your colleauges in @FBITampa to help research this new level of #PISSEDOFFNESS. As locals, they may offer a special indepth knowledge of this new level I have reached. This is not fair & law enforcement must #investigate. No one deserves this.
This is my #apogee of #Pissedoffness.
If #motherfuckers & #tears werent a noticable level.
If #HUSH or #INTIMIDATION tactics being deployed didnt strike a chord.
If #EVIDENCE, PROOF, or 30k Bonds didnt #WOW YOU.
If posting mom with no shred of investigatable value wasnt enough...
Read 463 tweets
Profile picture
Glen Peters
@Peters_Glen
THREAD

CO₂ emissions have declined (2005-2015) in 18 advanced economies (US & EU countries). What have they done differently to other countries & what can other countries learn?

1/ rdcu.be/bor0g
First, a preemptive strike. No, it is not because they outsourced their emissions.

In the 2000's, when China was growing rapidly, this was an issue. Since the Global Financial Crisis, this is not a problem. Consumption emissions are declining (fast)

2/ agupubs.onlinelibrary.wiley.com/doi/full/10.10…
The drivers of the decline vary by country, but three elements are consistent:
* A decline in total energy use (orange)
* An increase in non-fossil energy (green)
(other factors can be important in single countries)
* A plethora of energy & climate policies (not shown)
3/
Read 8 tweets
Profile picture
Taylor
@dtaylor5633
Trip down memory lane, in no particular order...

Remember during Indyref the rUK loved us that much that they would only campaign for No if they were getting paid for it? They had to bus astroturf activists
When the big hitters in the No campaign would hold rallies to literally thousands of people
When Glasgow had the Commonwealth games they banned the Scottish flag for being political, but allowed folk to bring Union Flags with "No!" etc on them
Read 11 tweets
Profile picture
James Barisic 🇪🇺 #FBPE
@jamesmb
It’s Time Twitter Cleaned Up The #Phishing Ads

I’ve just written this. I’m passionate about Twitter - always have been. I love how it is tackling fake accounts and hoping to reduce the amount of extremism online. But these adverts should be a priority.

link.medium.com/gCqRV3BVAR
Today’s scam has roped in @patheuk, @swansladies, @sarahscoop, @angola2411, @bookmyshow_sup - last time it was @monsterjobs, @GeoffroyDidier, @wsu_womensgolf, @CarteNoireUK and @rpsgmavericks - all without their knowledge and all trying to scam people out of their #bitcoin.
Each of the accounts used in the scams are @verified and, last time this happened, I copied in @TwitterSupport so they knew it was happening. It looks like it takes about 30 mins-1 hour to take down these scams but that is long and the damage to innocent accounts lasts longer.
Read 5 tweets
Profile picture
IMReturnsManager
@IMRiskManager
Unlimited Memory
by Kevin Horsley
Week 1
#WeekendReading
#LearningTogether
1 I am learning to use mind maps so will try to illustrate the broad theme of the book with them.
Will post a complete mind map when I finish reading it.
2. Your memory is the glue that binds your life together; everything you are today is because of your amazing memory. You are a data collecting being, and your memory is where your life is lived.
#memory
Read 31 tweets

Trending hashtags

#DavidKramer #Aleppo #MAGA #JustSaying #Tipperary #law #fundraising #Chinese #Bookmarks #madness #Google #impressions #Lightyears #BlackGirlMagic #Schiff #TickTock #MAGIC #tweetception #FBI #new #Why #MOTHER #Itsme #PascoCourtHouse #vicariouslearning
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!