

{"id":96,"date":"2011-02-12T10:37:17","date_gmt":"2011-02-12T15:37:17","guid":{"rendered":"http:\/\/rud.is\/b\/?p=96"},"modified":"2017-03-27T09:38:44","modified_gmt":"2017-03-27T14:38:44","slug":"web-development-is-dangerous","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/","title":{"rendered":"&#8220;Web Development Is Dangerous&#8221;"},"content":{"rendered":"<p>Those were the words that greeted me within five minutes of checking out the <a href=\"http:\/\/flask.pocoo.org\/docs\/0.12\/foreword\/#web-development-is-dangerous\">Flask<\/a> microframework for Python web applications. I feel compelled to inline those four, short paragraphs:<\/p>\n<blockquote><p>I\u2019m not joking. Well, maybe a little. If you write a web application, you are probably allowing users to register and leave their data on your server. The users are entrusting you with data. And even if you are the only user that might leave data in your application, you still want that data to be stored securely.<\/p>\n<p>Unfortunately, there are many ways the security of a web application can be compromised. Flask protects you against one of the most common security problems of modern web applications: cross-site scripting (XSS). Unless you deliberately mark insecure HTML as secure, Flask and the underlying Jinja2 template engine have you covered. But there are many more ways to cause security problems.<\/p>\n<p>The documentation will warn you about aspects of web development that require attention to security. Some of these security concerns are far more complex than one might think, and we all sometimes underestimate the likelihood that a vulnerability will be exploited, until a clever attacker figures out a way to exploit our applications. And don\u2019t think that your application is not important enough to attract an attacker. 
Depending on the kind of attack, chances are that automated bots are probing for ways to fill your database with spam, links to malicious software, and the like.<\/p>\n<p>So always keep security in mind when doing web development.<\/p><\/blockquote>\n<p>Let&#8217;s look at the key take-away messages&#8230;<\/p>\n<div style=\"padding-bottom:24px\"><\/div>\n<p><b>Data Should Be Stored Securely<\/b><\/p>\n<p>Interestingly enough, this is <a href=\"https:\/\/docs.mongodb.com\/manual\/security\/#SecurityandAuthentication-RunningWithoutSecurity%28TrustedEnvironment%29\">not the default mindset<\/a> of one of the more popular modern database technologies [mongoDB] (and it has <span class=\"removed_link\" title=\"https:\/\/sensepost.com\/blog\/4873.html\">plenty of company<\/span> [memcached], too).<\/p>\n<p>Even if your app starts out without any real sensitive data, odds are you will be storing credentials, e-mail addresses, social network handles and other bits of information that you should feel some fundamental responsibility to treat with care. 
There are <span class=\"removed_link\" title=\"http:\/\/blog.codesherpas.com\/on_the_path\/2010\/08\/securing-memcache-in-2-minutes.html\">so<\/span><sup>memcached<\/sup> <span class=\"removed_link\" title=\"http:\/\/blog.codesherpas.com\/on_the_path\/2010\/08\/securing-mysql-in-10-minutes.html\">many<\/span><sup>mysql<\/sup> <span class=\"removed_link\" title=\"http:\/\/www.databasesecurity.com\/oracle-securing.htm\">resources<\/span><sup>oracle<\/sup> <a href=\"http:\/\/guide.couchdb.org\/draft\/security.html\">to<\/a><sup>couchdb<\/sup> <a href=\"https:\/\/www.zetetic.net\/sqlcipher\/\">help<\/a><sup>sqlite<\/sup> that you really have no excuse.<\/p>\n<p>And, it will save you time later on when you realize you actually need to have a secure storage foundation.<\/p>\n<div style=\"padding-bottom:24px\"><\/div>\n<p><b>Watch The Input To Your Apps<\/b><\/p>\n<p>Flask protects you against one of the most common security problems of modern web applications: <a href=\"https:\/\/www.owasp.org\/index.php\/Cross-site_Scripting_(XSS)\">cross-site scripting (XSS)<\/a>. There are many others. If you are a programmer and have never even heard of <a href=\"https:\/\/www.owasp.org\/index.php\/Main_Page\">OWASP<\/a>, then you need to put down your PS3\/Xbox controller and do a quick read on at least their take on the <a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Top_Ten_Project\">top ten web app security risks<\/a> (btw: there are way more than ten, but you need to start somewhere).<\/p>\n<p>The thing is, unless the halls of higher education have crumbled completely since I was in school, I distinctly remember having the concepts of input validation, bounds checking, etc. rammed into my thick skull in almost every programming class (and this was <i>way<\/i> before web apps were even contemplated). 
You may think you&#8217;re innovating by posting a link to your functioning rapid prototype on <a href=\"https:\/\/news.ycombinator.com\/\">Hacker News<\/a>, but what you&#8217;re really doing is being sloppy, lazy and irresponsible. Period.<\/p>\n<p>And, while it&#8217;s fine to seek out frameworks like Flask and rely on some of their inherent protections, it does not absolve you from your responsibility to deliberately &#038; consciously build <a href=\"http:\/\/www.ruggedsoftware.org\/\">rugged<\/a> software (which doesn&#8217;t just mean &#8220;secure&#8221;).<\/p>\n<div style=\"padding-bottom:24px\"><\/div>\n<p><b>&#8220;Don\u2019t think that your application is not important enough to attract an attacker&#8221;<\/b><\/p>\n<p>I&#8217;m not sure if any amount of verbiage will convince someone of this fact if they are determined not to believe\/accept it. It&#8217;s a much larger discussion (and this is already a long post). If you are inclined to have a slightly open mind, I encourage you to read <a href=\"http:\/\/websiteprotection.blogspot.com\/2010\/05\/so-you-think-your-website-wont-get.html\">So You Think Your Website Won&#8217;t Get Hacked<\/a> by Joseph Schembr. It&#8217;s <i>really<\/i> slanted towards &#8220;script-kiddies,&#8221; but should pique your interest enough to keep exploring why your hacked-up personal URL shortener might be a target.<\/p>\n<div style=\"padding-bottom:24px\"><\/div>\n<p><b>Fin<\/b><\/p>\n<p>It&#8217;s impressive that the Flask authors cover security in some way, shape or form on 21 pages in the <span class=\"removed_link\" title=\"http:\/\/flask.pocoo.org\/docs\/flask-docs.pdf\">documentation<\/span> [PDF]. If you&#8217;re building or contributing to other frameworks, projects or engines (hint, hint, <a href=\"https:\/\/nodejs.org\/en\/\">Node.JS<\/a> devs!) 
I would strongly encourage you to take as much time and consideration as the Flask team did to ensure you are making it as easy as possible for your users to deploy applications as securely as possible by default.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Those were the words that greeted me within five minutes of checking out the Flask microframework for Python web applications. I feel compelled to inline those four, short paragraphs: I\u2019m not joking. Well, maybe a little. If you write a web application, you are probably allowing users to register and leave their data on your [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[3,16,7,26],"tags":[100,199,184,195,183,46,108,34,191,185,745,38,43,42,40,44,41,194,193,126,192,45,187,196,197,39,198,189,188,186,190,140],"class_list":["post-96","post","type-post","status-publish","format-standard","hentry","category-information-security","category-nosql","category-programming","category-vulnerabilities","tag-computer-network-security","tag-computer-security","tag-cross-site","tag-cross-site-scripting","tag-database-technologies","tag-flask","tag-html","tag-javascript-2","tag-joseph-schembr","tag-malicious-software","tag-malware","tag-memcached","tag-mongo","tag-mongodb","tag-mysql","tag-nosql-2","tag-oracle","tag-pdf","tag-programmer","tag-ps3","tag-ps3xbox-controller","tag-python","tag-rugged-software","tag-software-architecture","tag-softwa
re-testing","tag-sqlite","tag-vulnerability","tag-web-app-security-risks","tag-web-application","tag-web-applications","tag-web-apps","tag-web-development"],"yoast_head_json":{"title":"\"Web Development Is Dangerous\" - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/","og_locale":"en_US","og_type":"article","og_title":"\"Web Development Is Dangerous\" - rud.is","og_description":"Those were the words that greeted me within five minutes of checking out the Flask microframework for Python web applications. I feel compelled to inline those four, short paragraphs: I\u2019m not joking. Well, maybe a little. If you write a web application, you are probably allowing users to register and leave their data on your [&hellip;]","og_url":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/","og_site_name":"rud.is","article_published_time":"2011-02-12T15:37:17+00:00","article_modified_time":"2017-03-27T14:38:44+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"&#8220;Web Development Is Dangerous&#8221;","datePublished":"2011-02-12T15:37:17+00:00","dateModified":"2017-03-27T14:38:44+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/"},"wordCount":756,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"keywords":["Computer network security","Computer security","cross-site","Cross-site scripting","database technologies","flask","HTML","javascript","Joseph Schembr","malicious software","Malware","memcached","mongo","mongodb","mysql","nosql","oracle","PDF","programmer","PS3","PS3\/Xbox controller","python","rugged software","Software architecture","Software testing","sqlite","Vulnerability","web app security risks","web application","web applications","web apps","Web development"],"articleSection":["Information Security","NoSQL","Programming","Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/","url":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/","name":"\"Web Development Is Dangerous\" - 
rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2011-02-12T15:37:17+00:00","dateModified":"2017-03-27T14:38:44+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/02\/12\/web-development-is-dangerous\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"&#8220;Web Development Is Dangerous&#8221;"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. 
#rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-1y","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":727,"url":"https:\/\/rud.is\/b\/2011\/12\/30\/three-resolutions-for-web-developers\/","url_meta":{"origin":96,"position":0},"title":"Three Resolutions For Web Developers","author":"hrbrmstr","date":"2011-12-30","format":false,"excerpt":"I'm on a \"three things\" motif for 2012, as it's really difficult for most folks to focus on more than three core elements well. This is especially true for web developers as they have so much to contend with on a daily basis, whether it be new features, bug reports,\u2026","rel":"","context":"In &quot;Breach&quot;","block_context":{"text":"Breach","link":"https:\/\/rud.is\/b\/category\/breach\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":87,"url":"https:\/\/rud.is\/b\/2011\/02\/09\/quick-hits-2011-02-09\/","url_meta":{"origin":96,"position":1},"title":"Quick Hits :: 2011-02-09","author":"hrbrmstr","date":"2011-02-09","format":false,"excerpt":"Security VSR uses some high-ish profile attacks from 2010 to provide fodder for the VAR community :: Security Risk: Top Hacker Attacks of 2010. 
I include it as the examples they provide should make it easier for folks doing presentations where they need to show real-life attacks (without sifting through\u2026","rel":"","context":"In &quot;HTML5&quot;","block_context":{"text":"HTML5","link":"https:\/\/rud.is\/b\/category\/html5\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2190,"url":"https:\/\/rud.is\/b\/2013\/02\/27\/follow-upresources-grc-t18-data-analysis-and-visualization-for-security-professionals-rsac\/","url_meta":{"origin":96,"position":2},"title":"Follow up\/Resources :: GRC-T18 \u2013 Data Analysis and Visualization for Security Professionals #RSAC","author":"hrbrmstr","date":"2013-02-27","format":false,"excerpt":"Many thanks to all who attended the talk @jayjacobs & I gave at RSA on Tuesday, February 26, 2013. It was really great to be able to talk to so many of you afterwards as well. We've enumerated quite a bit of non-slide-but-in-presentation information that we wanted to aggregate into\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2465,"url":"https:\/\/rud.is\/b\/2013\/04\/18\/sourceboston2013\/","url_meta":{"origin":96,"position":3},"title":"SOURCE Boston (@SOURCEConf) Data Analysis &#038; Visualization Talk Resources #srcbos13","author":"hrbrmstr","date":"2013-04-18","format":false,"excerpt":"Many thanks to all who attended the talk @jayjacobs & I gave at @SOURCEconf on Thursday, April 18, 2013. 
As promised, here are the [slides](https:\/\/dl.dropboxusercontent.com\/u\/43553\/SOURCE-Boston-2013.pdf) which should be much less washed out than the projector version :-) We've enumerated quite a bit of non-slide-but-in-presentation information that we wanted to aggregate\u2026","rel":"","context":"In &quot;Big Data&quot;","block_context":{"text":"Big Data","link":"https:\/\/rud.is\/b\/category\/big-data\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":600,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/what-can-we-learn-from-the-lulzsec-senate-gov-hack-dump\/","url_meta":{"origin":96,"position":4},"title":"What Can We Learn From The @lulzsec senate.gov Hack Dump?","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"What can the @lulzsec senate.gov dump tell us about how the admins maintained their system\/site? [code light=\"true\"]SunOS a-ess-wwwi 5.10 Generic_139555-08 sun4u sparc SUNW,SPARC-Enterprise[\/code] means they haven't kept up with OS patches. [-1 patch management] [code light=\"true\"]celerra:\/wwwdata 985G 609G 376G 62% \/net\/celerra\/wwwdata[\/code] tells us they use EMC NAS kit for web\u2026","rel":"","context":"In &quot;Breach&quot;","block_context":{"text":"Breach","link":"https:\/\/rud.is\/b\/category\/breach\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2499,"url":"https:\/\/rud.is\/b\/2013\/05\/15\/secure360\/","url_meta":{"origin":96,"position":5},"title":"Secure360 (@Secure360) Data Analysis &#038; Visualization Talk Resources #Sec360","author":"hrbrmstr","date":"2013-05-15","format":false,"excerpt":"Many thanks to all who attended the talk @jayjacobs & I gave at @Secure360 on Wednesday, May 15, 2013. As promised, here are the [slides](https:\/\/dl.dropboxusercontent.com\/u\/43553\/Secure360-2013.pdf). We've enumerated quite a bit of non-slide-but-in-presentation information that we wanted to aggregate into a blog post so you can vi[sz] along at home. 
If\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/96","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=96"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/96\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=96"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=96"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=96"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}