Posted: 2022-06-11 19:11:14. RSS feed summary for 2022-06-11 19:00 (12 items)

Category | Site name | Article title / trending word | Link URL | Frequent words, summary / search volume | Registered
IT | ITmedia All Articles | [ITmedia Business Online] Fully private "Solo Sauna tune" surpasses 30,000 users: what share are women? | https://www.itmedia.co.jp/business/articles/2206/09/news152.html | itmedia | 2022-06-11 18:50:00
python | New posts tagged Python - Qiita | [2022] Recommended books for inexperienced engineers (shinsho and bunko paperbacks) | https://qiita.com/netineti512/items/f3b1c66117d9ddb7c129 | amazon | 2022-06-11 18:51:11
Ruby | New posts tagged Ruby - Qiita | Comparing ECS Fargate and Elastic Beanstalk (Ruby Platform) | https://qiita.com/yuyasat/items/155e5ac7f8e1fd60e6f5 | ecsfargate | 2022-06-11 18:57:11
AWS | New posts tagged AWS - Qiita | Trying out ransomware protection using WORM on S3 | https://qiita.com/sugimount-a/items/bf3132e5c5cf3f458c28 | blocking | 2022-06-11 18:53:47
GCP | New posts tagged gcp - Qiita | [GCP] Upgrading a Java Edition Minecraft server (Spigot) built on GCE (1.18.2→1.19) [Java Edition Minecraft] | https://qiita.com/Hikoly/items/aeb8dddef86ca6be96ef | minecraft | 2022-06-11 18:33:11
Ruby | New posts tagged Rails - Qiita | Comparing ECS Fargate and Elastic Beanstalk (Ruby Platform) | https://qiita.com/yuyasat/items/155e5ac7f8e1fd60e6f5 | ecsfargate | 2022-06-11 18:57:11
Overseas TECH | DEV Community | 10 Secure Coding Best Practices to Follow in Every Project | https://dev.to/smartscanner/10-secure-coding-best-practices-to-follow-in-every-project-1i9h | Secure Coding Best Practices to Follow in Every Project. Let's see how we can make more secure software. Update, Update, Update: Using vulnerable and outdated components with known vulnerabilities has always been in the OWASP Top Application Security Risks. You can take a giant leap in securing your projects only if you use up-to-date tools and libraries. Stick to Standards: If you have the "Not invented here" (NIH) syndrome, you prefer to develop everything from scratch. That's fine if you have the time and money to do so. But building major things like cryptography and web servers from scratch needs a lot of skill and effort. Such complex components cannot be built by a single person. Even if you have made one, you should not use it in production without in-depth reviews from many other people. In design and architecture concepts, you should do the same. You should follow best practices to benefit from the community's experience. Next time, instead of introducing your own hash algorithm, use one of the well-known hash functions implemented by an open source and peer-reviewed library. Use Trustworthy Packages: One significant risk of using third-party modules like packages in npm, PyPI, NuGet, etc. is the supply chain attack. Consider that one of your project's dependencies goes rogue and doesn't do what it was supposed to do. This is called a supply chain attack. This has happened for popular npm packages (UA-Parser-JS, COA, and RC), and it can happen for many others. We know that using third-party packages is inevitable. So here are a few tips to consider before choosing a third-party library: prefer packages with more contributions (more contributors, commits, pull requests, and stars); prefer packages with fewer open issues; prefer packages with higher release frequency; use dependency scanners like GitHub Dependabot to find vulnerable packages. Never Trust User: Always validate data received from user input before processing it. Check the length, type, allowed characters, and data pattern before using it. The essential thing in user validation is to do it where the user cannot manipulate the logic. For example, the user has complete control over a webpage, so checking if the user entered a correct email address on the client is not enough, and you should validate it on the back end again. Always Encode Output: Always use proper encoding when displaying data to the user. The encoding depends on the context you display the data within. For example, data on a web page should be HTML-encoded and data in a URL should be URL-encoded. Other contexts like CSV, XML, JSON files, or email need unique encodings. Catch Exceptions: Exceptions happen. We should be prepared for them. Unhandled errors create security issues like failing insecurely or revealing sensitive information. Always assume things will break eventually and be prepared for it. Do not Write Secrets in Comments: When you put comments in the code, it means your code is not clear and expressive enough and needs explanation. So a better title for this section would be "Do not Write Comments". “Comments are always failures.” (Robert C. Martin, Clean Code) There are some valid use cases for comments in the code, but writing operational information and sensitive data like passwords is not one of them. Use Linter: Linters can analyze your code and enforce particular rules. Linters assist you in finding errors, bugs, code smells, and suspicious expressions like using eval and dangerous regular expressions. Possess an Open Source Spirit: Open source projects are maintained by the community. It means their structure is not specific to a single user's environment. Open source projects usually don't have any hard-coded passwords or internal IP addresses. These are good practices we can follow in our projects. Not every project is supposed to be open source and publicly available. But we should prepare all projects for open sourcing. Here are a few things to start: remove hard-coded passwords, IP addresses, and database connection strings; load all configurations from environment variables; add a readme.md file to your project and document build and test instructions. Write Clean Code: Clean code is inherently more secure. From a security point of view, clear code has many benefits: clear code has fewer opportunities for vulnerabilities to occur because it's less complex; reviewing and finding vulnerabilities in clear code is easier; it takes less time and effort to fix a vulnerability in clear code. You can read the Clean Code book if you haven't read it already and start refactoring your code. | 2022-06-11 09:57:01
News | BBC News - Home | Stuart Broad: Fire at pub owned by England cricketer | https://www.bbc.co.uk/news/uk-england-nottinghamshire-61765464?at_medium=RSS&at_campaign=KARANGA | broad | 2022-06-11 09:03:56
News | BBC News - Home | Minister sorry for 'godawful' Birmingham and Blackpool comment | https://www.bbc.co.uk/news/uk-61767856?at_medium=RSS&at_campaign=KARANGA | london | 2022-06-11 09:41:40
Hokkaido | Hokkaido Shimbun | Consadole fail to advance to the quarterfinals, Levain Cup (11th) | https://www.hokkaido-np.co.jp/article/692390/ | quarterfinals | 2022-06-11 18:09:47
Hokkaido | Hokkaido Shimbun | Rakuten 8-1 Giants (11th): Rakuten win comfortably | https://www.hokkaido-np.co.jp/article/692391/ | first place | 2022-06-11 18:08:00
Hokkaido | Hokkaido Shimbun | Russian forces "forcibly taking people away, not allowing evacuation": governor of heavily contested eastern region gives exclusive interview | https://www.hokkaido-np.co.jp/article/692389/ | forcible removal | 2022-06-11 18:03:00
