Published Jan 31, 2022

PagerDuty's Security Training for Engineers, The Dramatic Conclusion

Dive deep into the world of cybersecurity as Joe Zack and Michael Outlaw unravel the complexities of side channel attacks, explore best practices in software security, and discuss essential session management strategies, equipping engineers with vital insights to safeguard sensitive information and user data.
Episode Highlights

  • Session Security

    In today's digital landscape, securing session data is paramount. One host emphasizes the importance of adding extra pieces of information to sessions, such as nonces, to verify requests and prevent replay attacks. He explains that a nonce is a unique number used only once, which helps ensure that a request belongs to a legitimate session and is not a replay of an earlier request. The other host adds that while modern frameworks simplify session management, developers must remain vigilant about security practices.

    You have to be careful not to store any sensitive information in cookies.

    ---

    By implementing these security measures, developers can protect user data and maintain the integrity of their applications.


    Hijacking & Fixation

    Session hijacking and fixation are significant threats that developers must address. One host describes session hijacking as the act of stealing a session identifier in order to impersonate another user. He also highlights session fixation, where an attacker creates a session that the user unknowingly adopts, which then grants the attacker access to the user's data.

    Michael Outlaw

    Always generate a new authentication token for every time the person logs in.

    ---

    By understanding these vulnerabilities, developers can implement strategies to protect their systems from unauthorized access.
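    The two mitigations mentioned above, regenerating the session identifier at login (against fixation) and one-time nonces (against replay), shown together in a small in-memory session store. This is an added example, not code from the episode or from PagerDuty's training; the store, its method names and the "alice" user are constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (constructed example, not production code)."""

    def __init__(self):
        # session_id -> {"user": str | None, "nonces": set of unused nonces}
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "nonces": set()}
        return sid

    def login(self, old_sid, user):
        # Fixation mitigation: discard the pre-login id (which an attacker could have
        # planted) and bind the authenticated user to a freshly generated id.
        self._sessions.pop(old_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "nonces": set()}
        return new_sid

    def user_for(self, sid):
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def issue_nonce(self, sid):
        nonce = secrets.token_urlsafe(16)
        self._sessions[sid]["nonces"].add(nonce)
        return nonce

    def consume(self, sid, nonce):
        """Accept a request only if the nonce was issued for this session and is unused."""
        session = self._sessions.get(sid)
        if session is None or nonce not in session["nonces"]:
            return False
        session["nonces"].discard(nonce)  # used once; replaying it is rejected
        return True


def fixation_scenario():
    store = SessionStore()
    planted = store.create()  # id present in the browser before login, attacker-known
    victim_sid = store.login(planted, "alice")
    # The planted id maps to nothing after login; only the new id is authenticated.
    return store.user_for(planted), store.user_for(victim_sid), planted != victim_sid


def replay_scenario():
    store = SessionStore()
    sid = store.login(store.create(), "alice")
    nonce = store.issue_nonce(sid)
    return store.consume(sid, nonce), store.consume(sid, nonce)  # second use fails
```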


    Modern Management

    Modern session management has evolved significantly, making secure handling more accessible. One host notes that contemporary frameworks often include built-in configuration for session management, reducing the need for manual setup. He explains that these frameworks can use shared key-value stores or session state servers to manage session data efficiently. The other host adds that while HTTP is inherently stateless, cookies are used to carry session state across multiple requests.

    It's more configuration than actually having to set up the things.

    ---

    These advancements allow developers to focus on building robust applications without compromising security.
