51 - Jim Manico & Developing Securely

    This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords For more information, including the show notes check out https://breachsense.io/podcast 

Om Podcasten

The goal of the podcast is to share practical tips of what works and what doesn't in information security. Essentially we turn our guests' wisdom into practical tips you can use to improve your own skills.