View Categories

  • Diving into information security principles

    I'm interested in how information security can be better integrated into software development, and how services can be developed in a way that makes good security a natural part of the process. It'll take a lot of effort to get there, but continual improvement in security is achievable at any scale.

    There are new skills to develop and many segmented fields to learn from, which is both exciting and challenging, but the good thing is that there've been many lessons learned that we can take advantage of to develop more secure systems today.

    Continue reading...

  • Staging environments and deployment pipelines

    A staging environment mimics the environment our users interact with as closely as possible, so that we can verify changes and catch issues that may not occur on a local developer environment before promoting changes to production.

    Continue reading...

  • Enabling regular expressions in SQLite with Rails

    Recently I was looking into writing custom functions for SQLite in a Rails application, specifically to support regular expressions. It took a few attempts to find a good solution, so I thought it might be worth posting the end result.

    Continue reading...

  • Setting HTTP security headers in Rails

    HTTP security headers are easy to configure, and provide a flexible way to mitigate several types of cross-site scripting and sniffing attacks.

    Continue reading...

  • What's risk management?

    Risk management is one of the topics covered in the introductory computer security course at UBC, and it's relevant to many other fields including finance, engineering, and project management.

    The main idea is simple: when a project involves high-value assets, an effective approach is to identify all of the relevant risks and evaluate their impact and likelihood in order to prioritize them and determine appropriate countermeasures.

    Continue reading...

  • Improving authentication usability

    Usable security has become a more explicit goal, now that we've recognized that tools that are too challenging to use will not be widely accepted, no matter their utility. Usability and security in practise have become a mainstay at security conferences, and we can see some of the results in industry.

    For instance, we're seeing more experimentation with authentication methods that make passwords easier to use, or that do away with them entirely.

    Continue reading...

  • Waiting until Docker containers are initialized

    An issue that a lot of people run into when automating Docker builds is in figuring out how to wait for services to be set up before running subsequent commands.

    Continue reading...

  • Dijkstra's algorithm for finding the shortest path to other nodes

    Dijkstra's algorithm is a simple, elegant graph algorithm, and one of my favourites.

    The problem it solves is the following: given a graph with non-negative edge weights and a start node, how can we find the shortest path to other nodes in the graph?

    Continue reading...

subscribe via RSS