Passionate technical leader with a proven success record architecting and implementing high-impact software systems for companies ranging from startups to large companies. Participated as an executive, architect, and developer for over 150 projects. In-depth knowledge and experience architecting Microservices (nee SOA), containers, CMS and portal solutions on various platforms. At present, re-architecting a Linux Distribution for more flexibility in a containerized world. Evangelist and implementer of the “perpetual beta,” the promise of DevOps, and the hybrid cloud as ways to create more resilient and usable web applications. Published and spoken at professional and industry conferences.
Authorization and Authentication are both important aspects to secure development. Come check out our latest video in the secure development series and learn about often overlooked authorization events in your applications. The video also discusses Cross-Site Request Forgeries ( CSRF ), what they are and how to avoid them (e.g. OWASP CSRF Prevention Cheat Sheet ).
The next secure development video is out! Come check out a quick video on the impact of numeric errors during your development process. The video covers such problems as Integer Overflows , and Array Index Errors (like Bounds Checking and Index Checking ). You can also find more information about overflows and security in general at The Open Web Application Security Project ( OWASP ). Please leave us your feedback or suggestions for other secure development topics you would like...
Software Developers always know they are supposed to be paying attention to security when they program. However, developers also know that without regular reminders both of the things they know and new threats, secure development practices can suffer. As a result, you might find the new series of videos from the Red Hat Product Security Team useful. The first two videos cover that age old topic, “Input Validation” with the first video a bit of an intro and covering XSS...
Unfortunately, not every application is packaged for every distribution. What do you do when you can't find it packaged for Red Hat Enterprise Linux? If you are like most people, you give up or attempt to install it from source. What happens when installing from source goes badly? If you are like most people, you definitely give up. How do you keep up with application improvements or, perhaps more importantly, security fixes? If you are like most people, you periodically...
Recently, I needed to get Django installed with Python 2.7 on Red Hat Enterprise Linux 6. As this is not a directly supported activity, I wanted to document how I went about it. As you might imagine, the generally expected method for install would be to grab the Python 2.7 source tree and then build it. Obviously, that can be a lot of work; is not particularly repeatable; and, potentially, exposes you to more security flaws. As a result, I...
Article
