Web Development Security

Introduction: A secure application is as important as a well-written one (or even more so, depending on its type). Unfortunately, not many developers are concerned about this topic. Overall, following some simple rules can greatly improve the security of applications. Here I will focus on PHP examples, but the concept may be adapted to other languages. …

Failing fast but learning faster

Introduction: This article is a brief case study of an agile development process implementation in the public sector. Co-authored with: Vanderlei Silva. With an empirical process (one that is complex and/or not very well understood), we need to be prepared to fail fast but learn even faster. And the public sector, of course, is no exception. See what the UK government says about it. People tend to see government as a deviation from the norm - in some cases it really is, but it is not a rule - and we believe that a great part of...…

14 tools for network engineers

Introduction: To overcome daily issues, it helps for a network professional to know some tools that can increase productivity and make the work easier. Although some tools - especially ARPSpoof, nmap, TCPTraceroute and AirCrack - can be used in malicious contexts - such as to perform reconnaissance and probe for weaknesses in preparation for attacks - they also have value for legitimate purposes. Tools: AirCrack – Can reveal who’s using the wireless network and can be used to troubleshoot issues. It is also a great tool for discovering nearby wireless networks. ARPSpoof – Hackers use it to send spoofed ARP requests trying...…

Microservices

Introduction: Since the explosion of SaaS applications, there has been a lot of innovation in the area of APIs, which provide an important interaction between application functionalities. The main idea around microservices is that, in general, applications tend to become easier to develop when they are treated as modules. Each piece is therefore developed separately, and the application is a composition of all the parts working together. This contrasts with traditional development, where the application is considered a ‘monolithic’ entity. That way, developers can focus on their own core business while other specialists provide the components needed, which will be accessed...…

Autonomous & Connected vehicles: Information Security concern

Introduction: This article presents the information security risks to which users of autonomous/connected vehicles are subject. It will be shown that it is possible to obtain unauthorized access to the Electronic Control Units of vehicles, pointing to why producers should be concerned, to the extent that this can impact the lives of millions of people. …

Infosec professional role in combating fraud

Introduction: Due to the low number of experts and lenient laws, there is a growing incidence of digital fraud, occurring fully or partially in this context (pure or mixed virtual crime). Regarding digital crimes: “There is no crime without a previous law to define it. No punishment without prior legal sanction” (Federal Constitution of Brazil, 1988, art. 5, XXXIX). Because of that, the presence and action of a group of professionals who reduce the chances of injury to one of the greatest assets of modern corporations, information, is increasingly necessary. According to a study conducted by the ACFE in...…