I finished several online courses last week on the subject of computer application security and how to properly handle sensitive cardholder data. Very interesting!
The courses were offered through Security Innovation, a company that specializes in cybersecurity standards, education, and assessment.
PCI DSS stands for Payment Card Industry Data Security Standard. These are some common security standards put together by the PCI Security Standards Council, which was formed in 2004 by the large credit card companies: Visa, MasterCard, American Express, Discover, and JCB.
I completed the following courses, offered together in a PCI Developer bundle:
COD 222 – PCI DSS v3.2 Best Practices for Developers
DES 221 – OWASP Top 10 – Threats and Mitigations
ENG 301 – How to Create an Application Security Threat Model
ENG 312 – How to Perform a Security Code Review
Some basic takeaways:
- build security into an application from the requirements / architecture stage: the very beginning!
- create a detailed security threat model to identify all security threats and then define appropriate mitigations
- when transmitting data over an untrusted network, always encrypt data with strong cryptography
- do not store cardholder data unless absolutely necessary!
- validate / sanitize all user input!
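As an added example (not from the courses or the post), here is how the last two takeaways look in Node.js for the most common piece of cardholder data, the primary account number (PAN): input is validated with the Luhn checksum, and the record that gets stored keeps only the masked PAN (first six and last four digits) plus a token reference, which is assumed to come from a separate tokenization service and is a placeholder here.

```javascript
// Validate a PAN: digits only (spaces/dashes tolerated), 13-19 long, Luhn-valid.
// Returns the normalized digit string, or null if the input is rejected.
function validatePan(input) {
  if (typeof input !== 'string') return null;
  const digits = input.replace(/[ -]/g, '');
  if (!/^\d{13,19}$/.test(digits)) return null;
  // Luhn: from the right, double every second digit, subtract 9 if > 9.
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0 ? digits : null;
}

// Mask a PAN for display or storage: keep first 6 and last 4, the most
// PCI DSS v3.2 (req. 3.3) allows to be shown; everything between is '*'.
function maskPan(pan) {
  const keepHead = 6;
  const keepTail = 4;
  const hidden = pan.length - keepHead - keepTail;
  return pan.slice(0, keepHead) + '*'.repeat(hidden) + pan.slice(-keepTail);
}

// Build the record an application would persist: never the full PAN, only the
// masked form and a token reference (assumed to come from a tokenization
// service; the value passed in here is a placeholder).
function buildStoredRecord(input, tokenRef) {
  const pan = validatePan(input);
  if (pan === null) return null;
  return { maskedPan: maskPan(pan), tokenRef };
}

// Constructed test PANs (well-known Luhn-valid test number and a broken copy).
const VALID_TEST_PAN = '4111 1111 1111 1111';
const INVALID_TEST_PAN = '4111 1111 1111 1112';
console.log(buildStoredRecord(VALID_TEST_PAN, 'tok_placeholder'));
console.log(buildStoredRecord(INVALID_TEST_PAN, 'tok_placeholder'));
```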
Infrastructure as Code – use a single code template to create, update, or delete multiple cloud resources. CloudFormation and Terraform are two valuable tools for achieving this on AWS.
CloudFormation – covers all parts of AWS
Terraform – covers main parts of AWS and other (non-AWS) services as well
A good comparison of the two services is here on Cloudonaut.io.
React Native applies the same principles to cross-platform UI development for iOS and Android.
Thoughts? I really like how UI elements and state are componentized and non-global. I don’t like how there are now two DOMs – the real one and the React-managed one.
The React tutorial is a Tic Tac Toe game; here’s my completed version.
This allows for concise and powerful code like the following:
// an Array of integers
const array1 = [1, 4, 9, 16];
// create a new Array from the original Array by applying a function to each element
const map1 = array1.map(x => x * 2);
// display; expected output: Array [2, 8, 18, 32]
console.log(map1);
It’s easy to get started: download Node.js and install it so that it runs from your command line.
Continue reading “Intro to Node.js”
Today I will look at the NoSQL concept and specifically Amazon’s DynamoDB.
NoSQL stands for “No SQL”, which means you don’t use SQL (Structured Query Language) to manage the database. Data is not arranged into relational tables (with keys that reference rows in other tables), but is arranged in a variety of data models, including document, graph, key-value, and columnar.
NoSQL was born because of the need for scalability and performance. In the early 2000s it was discovered that relational databases do not scale well at a reasonable cost.
Continue reading “NoSQL and DynamoDB”