{"id":176,"date":"2019-04-03T10:23:51","date_gmt":"2019-04-03T08:23:51","guid":{"rendered":"https:\/\/www.codemotion.com\/magazine\/se7en-deadly-sins-of-web-security\/"},"modified":"2019-11-28T17:41:44","modified_gmt":"2019-11-28T16:41:44","slug":"se7en-deadly-sins-of-web-security","status":"publish","type":"post","link":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/","title":{"rendered":"Se7en deadly sins of web security"},"content":{"rendered":"<p><span class=\"firstcharacter\">W<\/span>eb security is a topic that just won\u2019t go away. Every day we hear the latest revelations \u2013 look at the latest scandal with Marriott admitting over 500 million customer records have been stolen using a breach that had been active since 2014!<br \/>\n<a href=\"https:\/\/berlin2018.codemotionworld.com\/speaker\/2522\/\" rel=\"noopener noreferrer\" target=\"_blank\">Dave Lewis<\/a>, a CISO at Duo, now part of Cisco, has over 15 years\u2019 experience in the security business. As he says, he\u2019s seen it all, and has learnt from his own mistakes. But he is depressed to see companies make the same mistakes time and again.<\/p>\n<h2>Injection<\/h2>\n<p>Injection attacks have been around since forever, yet they still cause issues. In particular, SQL injection attacks are often all too easy as highlighted in an early XKCD cartoon.<\/p>\n<p><a style=\"width: 300px; height: 110px;\" href=\"https:\/\/xkcd.com\/327\/\"><img decoding=\"async\" class=\"aligncenter wp-image-2474 size-full\" src=\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/03\/exploits_of_a_mom.png\" alt=\"\"><\/a><\/p>\n<h2>XSS<\/h2>\n<p>Cross site scripting allows attackers to do bad things to your site, from interface changes and code injection to hijacking and redirecting traffic. There are three classes of XSS attack. 
Reflected attacks allow attackers to do things like bring up their own popups; stored attacks are where attackers store their script somewhere on your server; DOM attacks modify the local environment in the browser. All these attacks have been known about for years and protecting against them is relatively straightforward. For instance, you can use content security policies and frameworks such as Ruby on Rails, which solve almost all XSS vulnerabilities.<\/p>\n<h2>Configuration<\/h2>\n<p>Often vulnerabilities are caused by misconfigurations or a plain lack of common sense. As an example, Dave told us about a (nameless) Canadian company he was working for. On one page he found hidden in the comments \u201cUser admin; password admin\u201d. Lo and behold, when he entered these they were indeed the admin credentials for the whole site. Clearly, they had been put in the source during development, but no one had thought to edit the source post-release, or to update the password.<\/p>\n<h2>Authentication<\/h2>\n<p>In Dave\u2019s view, passwords have long since passed the end of their useful life. All of us reuse passwords across multiple services and many people use plain dumb passwords. The problem is that a password just proves that you have the password, not that you are authorized to have and use it. The solution is multi-factor authentication and a move away from dumb passwords. Fortunately, as of April this year, WebAuthn has been adopted as a standard, which should help make this easier.<\/p>\n<h2>Broken Access<\/h2>\n<p>One of the worst sins is to fail to secure your site properly. A couple of years back, Dave was dealing with a series of attacks by the so-called Lizard Squad. Unbelievably, he found that they had failed to secure their own site with a .htaccess file. As a result, he was able to find details of all the members and was able to shut down the attacks. 
Open ports are another easy attack vector to deal with \u2013 on the day of the conference, Dave found over 34 million vulnerable open ports across Germany, 1.9 million of them in Berlin.<\/p>\n<h2>Known Bad<\/h2>\n<p>Known Bad is a serious problem for many companies. To remain secure, it\u2019s essential to keep your software updated against known attacks such as Heartbleed. Dave pointed us to a few useful tools including <a href=\"http:\/\/synk.io\/\" rel=\"noopener noreferrer\" target=\"_blank\">synk.io<\/a> and <a href=\"https:\/\/wpscan.org\/\" rel=\"noopener noreferrer\" target=\"_blank\">wpscan.org<\/a>. He also suggested it may be worth testing your own site using pyfiscan, a tool included in Kali Linux (a version of Linux for pen testing).<\/p>\n<h2>Logging (or its lack)<\/h2>\n<p>The final deadly sin is poor logging. The fight against hackers is never-ending, and fundamental vulnerabilities like Spectre and Meltdown keep being found. So, even with the best security you may find yourself vulnerable. This means it is essential to make sure you log everything you can. Then when you have a problem at least you can track it back properly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web security is a topic that just won\u2019t go away. Every day we hear the latest revelations \u2013 look at the latest scandal with Marriott admitting over 500 million customer records have been stolen using a breach that had been active since 2014! 
Dave Lewis, a CISO at Duo, now part of Cisco, has over&#8230; <a class=\"more-link\" href=\"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/\">Read more<\/a><\/p>\n","protected":false},"author":7,"featured_media":177,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[],"tags":[11,38],"collections":[],"class_list":{"0":"post-176","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"tag-codemotion-berlin","8":"tag-security-manager","9":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Se7en deadly sins of web security - Codemotion Magazine<\/title>\n<meta name=\"description\" content=\"Codemotion and Facebook organized the Tech Leadership Training boot camp, heres a personal reportage from one of our attendees.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Se7en deadly sins of web security\" \/>\n<meta property=\"og:description\" content=\"Codemotion and Facebook organized the Tech Leadership Training boot camp, heres a personal 
reportage from one of our attendees.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Codemotion Magazine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Codemotion.Italy\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-03T08:23:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-11-28T16:41:44+00:00\" \/>\n<meta name=\"author\" content=\"Toby Moncaster\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@tobym76\" \/>\n<meta name=\"twitter:site\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Toby Moncaster\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/\"},\"author\":{\"name\":\"Toby Moncaster\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/person\\\/8b9f025e7d76754fb3d4ffd428b0813b\"},\"headline\":\"Se7en deadly sins of web security\",\"datePublished\":\"2019-04-03T08:23:51+00:00\",\"dateModified\":\"2019-11-28T16:41:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/\"},\"wordCount\":625,\"publisher\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/hacker-1944688_1280.jpg\",\"keywords\":[\"Codemotion Berlin\",\"Security Manager\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/\",\"name\":\"Se7en deadly sins of web security - Codemotion 
Magazine\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/hacker-1944688_1280.jpg\",\"datePublished\":\"2019-04-03T08:23:51+00:00\",\"dateModified\":\"2019-11-28T16:41:44+00:00\",\"description\":\"Codemotion and Facebook organized the Tech Leadership Training boot camp, heres a personal reportage from one of our attendees.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/hacker-1944688_1280.jpg\",\"contentUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/hacker-1944688_1280.jpg\",\"width\":1013,\"height\":675},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/uncategorized\\\/se7en-deadly-sins-of-web-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security 
Manager\",\"item\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/tag\\\/security-manager\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Se7en deadly sins of web security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#website\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\",\"name\":\"Codemotion Magazine\",\"description\":\"We code the future. Together\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\",\"name\":\"Codemotion\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/codemotionlogo.png\",\"contentUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/codemotionlogo.png\",\"width\":225,\"height\":225,\"caption\":\"Codemotion\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Codemotion.Italy\\\/\",\"https:\\\/\\\/x.com\\\/CodemotionIT\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/person\\\/8b9f025e7d76754fb3d4ffd428b0813b\",\"name\":\"Toby 
Moncaster\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/126cc1a8360e8cfbfa77aefe9160c4cd916e20f2c3a849d91e1df00c48423ccc?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/126cc1a8360e8cfbfa77aefe9160c4cd916e20f2c3a849d91e1df00c48423ccc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/126cc1a8360e8cfbfa77aefe9160c4cd916e20f2c3a849d91e1df00c48423ccc?s=96&d=mm&r=g\",\"caption\":\"Toby Moncaster\"},\"description\":\"I am an experienced freelance writer. I specialise in making complex topics accessible to wider audiences. My interests include TCP\\\/IP, data protection and AI. I currently work with B2B startups across the world. I hold 5 patents, edited 3 RFCs and received a PhD in computer science from the University of Cambridge.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/tobymoncaster\\\/\",\"https:\\\/\\\/x.com\\\/tobym76\"],\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/author\\\/toby-moncaster\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Se7en deadly sins of web security - Codemotion Magazine","description":"Codemotion and Facebook organized the Tech Leadership Training boot camp, heres a personal reportage from one of our attendees.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/","og_locale":"en_US","og_type":"article","og_title":"Se7en deadly sins of web security","og_description":"Codemotion and Facebook organized the Tech Leadership Training boot camp, heres a personal reportage from one of our attendees.","og_url":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/","og_site_name":"Codemotion Magazine","article_publisher":"https:\/\/www.facebook.com\/Codemotion.Italy\/","article_published_time":"2019-04-03T08:23:51+00:00","article_modified_time":"2019-11-28T16:41:44+00:00","author":"Toby Moncaster","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg","twitter_creator":"@tobym76","twitter_site":"@CodemotionIT","twitter_misc":{"Written by":"Toby Moncaster","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/#article","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/"},"author":{"name":"Toby Moncaster","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/8b9f025e7d76754fb3d4ffd428b0813b"},"headline":"Se7en deadly sins of web security","datePublished":"2019-04-03T08:23:51+00:00","dateModified":"2019-11-28T16:41:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/"},"wordCount":625,"publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg","keywords":["Codemotion Berlin","Security Manager"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/","url":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/","name":"Se7en deadly sins of web security - Codemotion Magazine","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/#primaryimage"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg","datePublished":"2019-04-03T08:23:51+00:00","dateModified":"2019-11-28T16:41:44+00:00","description":"Codemotion and Facebook organized the Tech Leadership Training boot 
camp, heres a personal reportage from one of our attendees.","breadcrumb":{"@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/#primaryimage","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg","width":1013,"height":675},{"@type":"BreadcrumbList","@id":"https:\/\/www.codemotion.com\/magazine\/uncategorized\/se7en-deadly-sins-of-web-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.codemotion.com\/magazine\/"},{"@type":"ListItem","position":2,"name":"Security Manager","item":"https:\/\/www.codemotion.com\/magazine\/tag\/security-manager\/"},{"@type":"ListItem","position":3,"name":"Se7en deadly sins of web security"}]},{"@type":"WebSite","@id":"https:\/\/www.codemotion.com\/magazine\/#website","url":"https:\/\/www.codemotion.com\/magazine\/","name":"Codemotion Magazine","description":"We code the future. 
Together","publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.codemotion.com\/magazine\/#organization","name":"Codemotion","url":"https:\/\/www.codemotion.com\/magazine\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","width":225,"height":225,"caption":"Codemotion"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Codemotion.Italy\/","https:\/\/x.com\/CodemotionIT"]},{"@type":"Person","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/8b9f025e7d76754fb3d4ffd428b0813b","name":"Toby Moncaster","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/126cc1a8360e8cfbfa77aefe9160c4cd916e20f2c3a849d91e1df00c48423ccc?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/126cc1a8360e8cfbfa77aefe9160c4cd916e20f2c3a849d91e1df00c48423ccc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/126cc1a8360e8cfbfa77aefe9160c4cd916e20f2c3a849d91e1df00c48423ccc?s=96&d=mm&r=g","caption":"Toby Moncaster"},"description":"I am an experienced freelance writer. I specialise in making complex topics accessible to wider audiences. My interests include TCP\/IP, data protection and AI. I currently work with B2B startups across the world. 
I hold 5 patents, edited 3 RFCs and received a PhD in computer science from the University of Cambridge.","sameAs":["https:\/\/www.linkedin.com\/in\/tobymoncaster\/","https:\/\/x.com\/tobym76"],"url":"https:\/\/www.codemotion.com\/magazine\/author\/toby-moncaster\/"}]}},"featured_image_src":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-600x400.jpg","featured_image_src_square":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-600x600.jpg","author_info":{"display_name":"Toby Moncaster","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/toby-moncaster\/"},"uagb_featured_image_src":{"full":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg",1013,675,false],"thumbnail":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-150x150.jpg",150,150,true],"medium":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-768x512.jpg",768,512,true],"large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg",1013,675,false],"1536x1536":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg",1013,675,false],"2048x2048":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg",1013,675,false],"small-home-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280.jpg",100,67,false],"sidebar-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-180x128.jpg",180,128,true],"genesis-singular-images":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-896x504.jpg",896,504,true],"arc
hive-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-400x225.jpg",400,225,true],"gb-block-post-grid-landscape":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-600x400.jpg",600,400,true],"gb-block-post-grid-square":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/04\/hacker-1944688_1280-600x600.jpg",600,600,true]},"uagb_author_info":{"display_name":"Toby Moncaster","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/toby-moncaster\/"},"uagb_comment_info":0,"uagb_excerpt":"Web security is a topic that just won\u2019t go away. Every day we hear the latest revelations \u2013 look at the latest scandal with Marriott admitting over 500 million customer records have been stolen using a breach that had been active since 2014! Dave Lewis, a CISO at Duo, now part of Cisco, has over&#8230;&hellip;","lang":"en","_links":{"self":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/comments?post=176"}],"version-history":[{"count":3,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/176\/revisions"}],"predecessor-version":[{"id":3712,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/176\/revisions\/3712"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media\/177"}],"wp:attachment":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media?parent=176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"hre
f":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/categories?post=176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/tags?post=176"},{"taxonomy":"collections","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/collections?post=176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}