“Intro to basic web application security” is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes:
SQL injection (of course! no such guide would be complete without it)
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Local file inclusion (LFI)
Insufficient password hashing
Man in the middle (MITM)
XML external entity (XXE)
Sensitive data exposure (including error messages and exceptions)
Login rate limits
and a variety of other small but potentially dangerous issues.
Today I came across this GitHub repository, which makes this resource even better specifically for PHP developers. Yup, that’s right, the GitHub repository features all code examples written in PHP 7.3, making it super easy to jump into coding.
And if you aren’t a PHP developer, have a look at the other repositories, which do the same for a few other programming languages.
awslabs/aws-cloudformation-templates is an extensive collection of AWS CloudFormation templates for a wide range of resources and services. Some of these can be used as is for deploying production infrastructure; others are good starting points for those of us who are still learning.
“How To Speed Up The Code Review” is a collection of excellent tips and strategies on how to make your Pull Requests easier to review. These work equally well for Open Source projects and for proprietary repositories.
The gist of this article is: don’t make large pull requests, and don’t mix different types of changes within the same pull request. Read the whole thing for suggestions on how to actually do that.