📬 Codestories Newsletter #84: Don’t Let Security be an Afterthought 🔐

Paweł Malita

Apr 1, 2021 • 12 min read

Codestories Newsletter is a regular dose of news, insights, and inspiration for technology enthusiasts, delivered every two weeks. You can subscribe here.

---

In the era of GDPR and other security-related compliance requirements, clients are worrying more and more about the security of their products.

Companies delivering software must address the client’s concerns in a cost-effective way to stay competitive in the market. 🔓

But who in the project team is responsible for security?

Based on my experience, what really works is shifting security to a top priority. Think about security requirements and potential threats as early as possible in the software development life cycle. In such an approach, every team member is involved in bringing security into the project.

How to achieve it in practice? 🤔

Well, in this Codestories Newsletter you may find some tips. 📰

Paweł Malita
Senior Security Engineer

🏆 Weekly Highlights

  • Now you can buy a Tesla with Bitcoin
  • Tips for running a bug bounty
  • UX safety by design
  • Automated security response and remediation with AWS Security Hub
  • The brilliant idea behind rapid threat modeling
  • Disruption Forum Fintech 2021 happening this April
  • Netguru is officially “Great Place To Work®” certified

🔥 News

Microsoft: 92% of Exchange servers safe from ProxyLogon attacks (Bleeping Computer)
The company rushed out patches after disclosing the vulnerabilities early in March, and now reports that most Internet-facing Exchange servers have applied them.

Announcing end of support for Python 2.7 in AWS Lambda (Amazon Web Services)
AWS is recommending that developers migrate functions to a supported runtime to receive security patches and remain eligible for technical support.

Astoria company data breach research (Have I Been Pwned)
The lead generation company suffered an extensive breach, which exposed over 11 million unique email addresses and other personal details.

Tesla cars can be bought in Bitcoin (BBC)
You can now skip using legacy money and go straight to Bitcoin for your next electric vehicle.

Italians see a chance to reverse brain drain amid pandemic (Politico)
The rise of remote work has given many Italians working outside the country a chance to return home while keeping their job.

Netguru officially “Great Place To Work®” certified
Netguru is officially “Great Place to Work®” certified and has joined the club of the world's biggest and best companies to share this title.

✅ Must-reads

Design for security (Increment)
Applying design thinking to security practices can create a more fluid and secure experience for your users.

Safe by design – an overview of UX security (Toptal)
Thinking through security during the UX design process will lead to better products with superior protection for users and companies.

Our Disruption Guide Fintech 2021 is here (Netguru)
This guide aims to be a go-to resource for the fintech community with insights from the brightest minds, in an easy-to-digest format.

🌱 Sustainable Tech

Meet the startup using data analytics from Mars to save our water (Sifted)
Utilis has raised $6m to scale its solution in helping infrastructure engineers gather data from deep underground.

How this 'artificial blowhole' aims to make wave energy mainstream
The UniWave 200 in Australia aims to solve the efficiency problems that have plagued earlier efforts to tap into the power of wave energy.

Car-clogged L.A. may build a space-age monorail (Forbes)
The project could further help the effort to reduce the number of cars that clog the region’s highways every day.

💡 Get inspired

Beware the hazards of online 'filter bubbles' (Eli Pariser TED Talk)
The Upworthy co-founder’s presentation from 2011 is a prophetic view into the current challenge democracies face.

Tanya Janca on Twitter (@shehackspurple)
The best-selling author of Alice and Bob Learn Application Security tweets her observations on software security.

Disruption Forum Fintech 2021
Learn what’s next for payments and how to leverage robots, APIs, and design to boost your product from our digital event.

GitLab’s Top 5 Tips for Running a Bug Bounty Program (The New Stack)
GitLab’s Application Security Team Manager shares the advice that helped the company’s bug bounty program succeed.

⚙ Tips & tricks

Scanning web application with OWASP ZAP (DEV Community)
A walkthrough of using the popular web security tool.

Deploying AWS Security Hub automated response and remediation (AWS)
This post walks through deploying the solution that turns Security Hub findings into automated remediation actions.

iOS security analysis with MobSF (Netguru)
The Netguru iOS security team worked with the MobSF maintainers to add Swift support to the open-source mobile security framework.

Announcing Checkov — prevent cloud misconfigurations during build time (bridgecrew)
Checkov is an open-source static analysis tool that scans infrastructure-as-code (such as Terraform and CloudFormation templates) for misconfigurations before anything is deployed. Discover more about the project and how to test drive it.

Validating leaked passwords with k-Anonymity (Cloudflare)
Cloudflare explains the range-query scheme it built for the Pwned Passwords API: the client sends only the first five hex characters of the password’s SHA-1 hash and compares the returned suffixes locally, so the full hash never leaves the client.
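The range-query check described above, as an added example (not Cloudflare’s or the Pwned Passwords project’s own code): hash the password, send only the 5-character prefix, and match the suffix locally. The endpoint URL and the optional Add-Padding header are the API’s documented ones; the canned response for prefix 5BAA6 and its counts are constructed here so the demo runs offline, and the real API returns several hundred lines per prefix.

```python
"""k-anonymity password check, modelled on the Pwned Passwords range API.

Added example, not Cloudflare's or Troy Hunt's code. Everything exercised
in the offline demo runs against a constructed response; fetch_range() is
the only function that touches the network and is never called here.
"""
from __future__ import annotations

import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint
PREFIX_LEN = 5  # only these 5 hex chars (20 bits of the hash) leave the client


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.

    Only `prefix` is ever sent. Every leaked hash sharing those 20 bits
    sits in the same bucket, so the server cannot tell which one (if any)
    the client was interested in.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}.

    Malformed lines are skipped. Padding entries (count 0, returned when the
    Add-Padding header is set) are kept, so a padded response looks like a
    normal one to this code and still yields 0 for an unseen password.
    """
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, _, count = line.partition(":")
        suffix = suffix.strip().upper()
        count = count.strip()
        if len(suffix) != 40 - PREFIX_LEN or not count.isdigit():
            continue
        counts[suffix] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Live lookup (network). Not used by the offline demo or tests."""
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"Add-Padding": "true"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, lookup=fetch_range) -> int:
    """How often `password` appears in the corpus; 0 if never seen.

    `lookup` maps a 5-char prefix to the raw response body, so the same
    comparison logic runs against the live API or a canned response.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(lookup(prefix)).get(suffix, 0)


# Constructed response for prefix 5BAA6 (SHA-1("password") starts 5BAA61E4...).
# The other suffixes and all counts are made up for the demo.
FAKE_RANGE_RESPONSES = {
    "5BAA6": "\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",  # suffix of "password"
        "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0",        # padding-style entry
        "garbage line without a colon",                  # must be skipped
    ]),
}


def offline_lookup(prefix: str) -> str:
    """Stand-in for fetch_range(): unknown prefixes get an empty bucket."""
    return FAKE_RANGE_RESPONSES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = breach_count(pw, lookup=offline_lookup)
        verdict = f"seen {n} times, reject" if n else "not in constructed corpus"
        print(f"{pw!r}: {verdict}")
```

Swap `offline_lookup` for the default `fetch_range` to query the real API; the comparison code does not change, and the server still only ever sees the prefix.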

👀 Must-sees

🎥 Videos

What is Banking-as-a-Service? (Netguru)
Florian Redeker, VP of Product for Solarisbank, joined us to share about his company and vision for the future of banking.

Instant threat modeling (SecuRingPL)
Check out real-world, threat modeling examples that cover all kinds of situations where things can go awry.

Is the entertainment industry on the brink of a revolution? (Netguru)
The co-founder of EveryOne Entertainment, Thierry Bezier-Membrey, offers up a series of predictions on changes in store for the entertainment world in the next decade.

🖼 Design of the issue

Illustrative approach for 3D renders from Peter Tarka. Check them out here on Behance.

🎙 Quote of the week

“The Internet is showing us what it thinks we want to see, but not necessarily what we need to see.”

Eli Pariser in his TED Talk: Beware online "filter bubbles"

☕ After hours

This Microsoft Flight Simulator mod features the cargo ship stuck in the Suez Canal (The Verge)
The cargo ship that spent nearly a week stuck captivated the Internet, leading to plenty of memes. Now it’s parked inside Microsoft Flight Simulator.

This is the most detailed picture of a black hole to date (Engadget)
Check out the first images of the black hole at the centre of the Messier 87 galaxy captured in polarized light.

--

This is issue 84 of Codestories Newsletter – a bi-weekly dose of European Tech insights. You can learn more and subscribe here.

If you have any comments or feedback, feel free to contact the Codestories Team: codestories-team@netguru.com.
