XSS Prevention in Four Simple Steps

Preventing Cross Site Scripting (XSS) attacks is a daunting task for developers. In short, XSS attacks are injection attacks in which data that is structurally significant in the current context changes the intended semantics and/or functionality. While there are great resources online that walk you through prevention techniques (one of the best security resources is The Open Web Application Security Project, or OWASP, website), it’s easy to get confused when you try to implement all of the necessary safeguards.

Below, I’ve outlined four simple steps that significantly lower the risk of XSS attacks against your website. By being a bit more restrictive, we can simplify our approach to preventing XSS

Structurally compatible type checking in JavaScript with haven.js

JavaScript has come a long way since the early days of the web, a time when the language was used to add a quick pop-up to a page, make some gaudy graphic move across the screen, or, if you were really fancy, error check a few fields in a web form. Today, JavaScript dominates the world of web development (both in the browser and on the server through technologies such as node.js), speeds through tasks with performance that makes other languages envious, and proves to be a very capable language in terms of implementing a broad range of programming paradigms.

Many online tutorials demonstrate how to implement Object Oriented Programming (OOP) patterns in JavaScript, and, I must confess, the language proves very capable in this respect. However, it’s JavaScript’s ability to implement Functional Programming (FP) patterns that has benefited

Nice job, Davin Granroth, you’re an example of financial prudence

Just want to say that Davin Granroth has exemplified what it means to be financially wise over the past 3 years. He’s made great strides through sacrifice and restraint, whilst being generous to many. Essentially, God has allowed him to go All-Chuck-Norris on some debt, and it’s been a great pleasure to watch.

Now, if the Richardsons can just learn from his example instead of just watching and enjoying his progress, we’d really be on to something 🙂

Great talk on software simplicity by Rich Hickey

This video is fantastic! I literally laughed aloud several times. If you’re a developer, I encourage you to watch it. Rich Hickey takes some digs at Agile, TDD, and OOP; provides ideas on pursuing simplicity in system development; and reveals some keen insights into his language design choices:

http://www.infoq.com/presentations/Simple-Made-Easy

Rich always provides great talks, but this one is one of the best, most entertaining I’ve seen. And, my word of the week is now “complect.”

Frank talk on issues relevant to today’s developers from Dave Thomas at Splash 2011

I love how well spoken, down-to-earth, and frank Dave Thomas is in this video at Channel 9 taken at the SPLASH 2011 Conference.

No, it’s not because of his answer to the question “What’s the state of Object Oriented Programming today in your mind?”, to which he responded that:

I think the state is that it’s commercially immensely successful, but practically, I think it’s a disaster.

Although I did agree with much of his analysis on that particular question, I sincerely believe that the whole video has wise words for anyone working as a developer now and in the near future.

And, of interest to me was the fact that he really appreciated the “good engineering decisions” represented in the design of Google’s Dart language.

Watch it!