57: PubNub on Web Crypto


Jay Oster (@KodeWerx), Core Engineer at PubNub, talks with us about working with Web Crypto as well as the landscape of cryptography today. What is on the horizon for client-side security & Web Crypto?



Angular Remote Conf

Do you want to attend a conference with top-level Angular speakers but can't afford the cost and inconvenience of travelling? Angular Remote Conf is an online conference Sept. 24th through the 25th with live interactions, a dedicated forum, respected leaders in Angular, and best of all you never have to leave the comfort of your own home to attend.


The Web Platform Podcast listeners receive a 20% discount for https://angularremoteconf.com/. All you have to do is use "webplatform" as the coupon code at checkout to get your 20% off. This works for group tickets, standard tickets, and early bird as well. Head over to angularremoteconf.com and sign up ASAP to get the maximum savings.

DevFestDC 2015

The Web Platform Podcast is a proud media sponsor of DevFest 2015. DevFest is a conference with great sessions and code labs on Android, Wearables, Polymer, AngularJS, Google Cloud Platform, Meteor and many others.


Show hosts Danny Blue & Erik Isaksen will be speakers, and the event will be held at AOL Headquarters in Dulles, VA on Friday, Sept 11th 2015 & Saturday, Sept 12th 2015. For event registration details, check out devfestdc.org and click on the Eventbrite link, or register now at www.eventbrite.com/e/devfestdc-2015-google-developer-group-dc-tickets-17538373748.




Direct download: episode-57_pubnub-on-webcrypto.mp3
Category:security -- posted at: 11:47am EST

45: SSO, Open ID, & Anvil Connect

Identity is the missing link that connects all your users, apps, services, and devices to each other and the rest of the world. Christian Smith (@anvilhacks) is founder of Anvil Research (@AnvilResearch) and the creator of Anvil Connect, an open source authorization server built with Node.js to authenticate your users and protect your APIs.


Anvil Connect simplifies security when you have many apps and services to integrate. It acts as a broker between your apps, APIs, and a long list of OAuth providers like Google, Facebook, Twitter, and GitHub. The server works with apps written in any programming language that speaks HTTP. The code is MIT licensed and implements open standards like OAuth 2.0, OpenID Connect, and JSON Web Tokens.



Direct download: episode-45_sso-openid-and-anvil-connect.mp3
Category:security -- posted at: 10:30am EST

42: Human Hacking & Social Engineering

What is Social Engineering (SE) and why should developers care? It is the ability to manipulate. It is the power to influence, elicit, and misdirect. It is a means hackers can use, for better or worse, to breach or protect companies, start or stop cyber wars, commit or prevent cyber crimes, and steal or secure your data.


Social Engineer, hacker, & author Chris Hadnagy (@humanhacker) discusses the dangers technology companies & developers are exposed to every day. Social Engineering has become an art form. It can be used to help or hinder others. Those who help prevent SE attacks, like Chris, are known as White Hats. Those who seek to harm and take from others with malicious intent are known as Black Hats.


To Black Hats, we are just obstacles standing in the way of their goals. These individuals will do whatever they must to get us to reveal our secrets. Most times we even do this willingly, without ever realizing we have been hacked until it’s too late. Seemingly trivial information to us may just be the last crucial piece of information a Black Hat needs.


All the firewalls & countermeasures in the world can’t protect us from ourselves. We can’t afford to have our applications, our money, our lives hacked to bits because of our human nature. Chris talks with us on how we can prevent this from happening to us and our teams.

Upcoming Events with Chris Hadnagy



Direct download: episode-42_human-hacking-and-social-engineering.mp3
Category:security -- posted at: 11:56am EST

28: Securing our Web Applications

Gary McGraw (@cigitalgem), CTO of the security giant Cigital, chats with us about how web developers, and software engineers in general, can best secure applications we are building today. We dive into best practices, team collaboration techniques, where to go for further information, and what companies like Cigital are doing for the web security community.



Direct download: episode-28_securing-our-web-applications.mp3
Category:security -- posted at: 1:40pm EST

26: Ruby on Rails Security & OWASP RailsGoat

While working to secure Rails applications in a truly Agile development environment, it became clear to Ken Johnson (@cktricky), CTO of nVisium Security, and Mike McCabe (@mccabe615) that the Rails community needed attention to security in the form of free and open training. The events that have transpired this past year have only reinforced that belief. RailsGoat, an OWASP project, is an attempt to bring attention to the problems that most frequently occur in Rails, solutions for remediation, and common attack scenarios. Ken, Mike, and their contributors built a vulnerable Rails application that aligns with the OWASP Top 10 and can be used as a training tool for Rails-based development shops.



Direct download: episode-26_rails-security-and-railsgoat.mp3
Category:security -- posted at: 12:27pm EST