I finished several online courses last week on the subject of computer application security and how to properly handle sensitive cardholder data. Very interesting!
The courses were offered through Security Innovation, a company that specializes in cybersecurity standards, education, and assessment.
PCI DSS stands for Payment Card Industry Data Security Standard. It is the set of security requirements that applies to any organization that stores, processes, or transmits cardholder data, maintained by the PCI Security Standards Council. The first version of the standard was published in December 2004; the Council itself was formed in 2006 by the major card brands: Visa, MasterCard, American Express, Discover, and JCB.
COD 222 – PCI DSS v3.2 Best Practices for Developers
DES 221 – OWASP Top 10 – Threats and Mitigations
ENG 301 – How to Create an Application Security Threat Model
ENG 312 – How to Perform a Security Code Review
Some basic take-aways:
build security into an application from the requirements / architecture stage: the very beginning!
create a detailed security threat model to identify the threats that actually apply to the application, and then define an appropriate mitigation for each one
when transmitting cardholder data over an untrusted (open, public) network, always protect it with strong cryptography and a current protocol; PCI DSS v3.2 requires migrating off SSL and early TLS
do not store cardholder data unless absolutely necessary, and never store sensitive authentication data (full track data, CVV/CVC, PIN) after authorization, even encrypted; where the PAN must be kept, render it unreadable (truncation, a one-way keyed hash, a token, or strong encryption with proper key management)
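As an added example (not code from the courses or from the original post), the Python below applies the storage and display rules above to a primary account number: a Luhn check to recognise PANs, masking to at most the first six and last four digits when a PAN has to be shown, a keyed one-way hash (HMAC-SHA256, with the key assumed to live in a separate key-management system) as the form that gets stored, and a log scrubber that masks any Luhn-valid PAN before the line is written, since application logs are where cardholder data most often ends up by accident. The sample PAN is the standard test number 4111 1111 1111 1111, not a real card; the key and the log lines are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample data: the usual Visa test number, and a near miss
# that fails the Luhn check. Neither is a real card.
SAMPLE_PAN = "4111111111111111"
NOT_A_PAN = "4111111111111112"
# Assumption: in a real deployment this key is fetched from a key
# management system, never hard-coded next to the data it protects.
EXAMPLE_KEY = b"example-only-hmac-key"


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check over a string of ASCII digits (13-19 long)."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS 3.3: when a PAN is displayed, show at most first six and last four."""
    if not luhn_ok(pan):
        raise ValueError("not a valid PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """One-way keyed hash of the entire PAN (PCI DSS 3.4) for storage/lookup.

    An unkeyed hash is not enough here: the PAN space is small enough to
    brute-force, so the secret key is what makes the token one-way in practice.
    """
    if not luhn_ok(pan):
        raise ValueError("not a valid PAN")
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


# 13-19 digits, optionally separated by spaces or dashes, not part of a
# longer digit run. Candidates still have to pass Luhn before being masked,
# so order numbers and timestamps are left alone.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def scrub_line(line: str) -> str:
    """Mask every Luhn-valid PAN in a log line before it is written."""
    def repl(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group(0))
        return mask_pan(digits) if luhn_ok(digits) else match.group(0)
    return PAN_CANDIDATE.sub(repl, line)


if __name__ == "__main__":
    print(mask_pan(SAMPLE_PAN))
    print(pan_token(SAMPLE_PAN, EXAMPLE_KEY))
    # Constructed log lines: one leaks a PAN, one is a harmless 20-digit order id.
    for entry in ("charge ok pan=4111 1111 1111 1111 amt=10",
                  "order id 12345678901234567890 created"):
        print(scrub_line(entry))
```

The scrubber is a last line of defence, not a substitute for keeping PANs out of log statements in the first place; the regex plus Luhn filter keeps false positives low, but a PAN split across two lines or logged in a non-decimal encoding would still get through.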
In preparation for a new cross-platform native mobile project, I have been researching cross-platform native app platforms, and topping the list are React Native and Xamarin. I crossed Ionic off the list because it uses Cordova and a WebView and I want better speed.
According to an ancient Egyptian story, party guests would float a lotus flower with a burning candle placed carefully in the middle.
Each person would share a dream hidden in their heart before releasing the lotus flower down the famous Nile river.
It was believed that if the flame continued to burn for the duration of the meal their dream would eventually come true.
Now you can float your own lotus candle down the Nile without going to Egypt.
Portland OR’s Baba’s Mediterranean Grill recently installed a 4-screen “Virtual Nile” in their new Cascade Station location, which officially opened January 6th, 2018. With the Virtual Nile web app, customers can create a dream and in real time float their very own lotus flower down the Virtual Nile while they eat their meal.
Users’ lotus candles are labeled with their name. If their candle stays lit all the way down the Nile, according to the legend their dream will come true!
Cloud: AWS API Gateway, Lambda, DynamoDB, PostgreSQL DB, AWS IoT
NoSQL is usually read as “not only SQL”: these databases do not use SQL (Structured Query Language), or do not rely on it primarily, to manage data. Data is not arranged into relational tables linked by foreign keys, but in one of a variety of data models, including document, graph, key-value, and columnar (wide-column) stores.
NoSQL was born out of the need for scalability and performance. In the early 2000s, large web services found that relational databases are hard to scale horizontally across many commodity machines at a reasonable cost, and the new data models were designed around that trade-off.