I’m pleased to announce that the latest episode of The Polyglot Developer Podcast, titled Mobile Application Security, has been published to iTunes, Pocket Casts, and every other major podcasting network that consumes the feed!
In this episode, which is the 24th episode of the show, I’m joined by first-time guest Rob Lauer and returning guest TJ VanToll. Both of these guests work for Progress, which is the company behind NativeScript, and you’ll remember that episode 5 was strictly around getting to know what NativeScript has to offer. The focus of this episode isn’t around NativeScript, but around the security of your mobile applications. Just like with web applications, security is important with mobile, even if it isn’t talked about as much.
In this episode you’ll learn about protecting your application source code from reverse engineering, protecting your users’ data at rest, and securely transferring your data between remote web services.
As you know, based on a few of the tutorials that I’ve published recently, I have a YubiKey that I’ve been learning how to take full advantage of. In previous tutorials I demonstrated how to implement U2F in your web application, but most YubiKey devices do so much more than just U2F authentication. For example, the YubiKey NEO and YubiKey 5 have support for U2F, FIDO2, OpenPGP, OTP, and a bunch of other crazy technologies.
In this tutorial, we’re going to explore using the YubiKey as a smart card for storing our PGP signing, encryption, and authentication subkeys.
There are a lot of password managers on the market, some in the cloud, some local, all with features that may or may not be useful in all circumstances. I’m personally an advocate of being in control of your secure information and shedding reliance on closed source or cloud alternatives. This is why I use pass, the standard unix password manager.
The pass application is Mac and Linux compatible, but Windows support probably isn’t impossible. The application works by maintaining a list of password files that have been encrypted using GPG, a widely used cryptography tool. Decrypting the files will result in access to your password information.
We’re going to take a look at using pass and see why it is a convenient option for password management.
Have you ever wanted to build your own password manager? Maybe you don’t trust the password management tools that already exist, or maybe you just want the experience. I personally use the tool 1Password, but many of my friends don’t trust the applications that exist on the market. It is a valid concern that they have. What if the password managers that exist are using an ancient or obsolete DES specification or similar, rather than the modern AES? What if the master passwords are not being hashed with a strong Bcrypt algorithm?
Not too long ago we created a password manager using the NativeScript framework, but what if we wanted to build one with a different technology?
We’re going to see how to build a password manager that makes use of the AES specification using Ionic 2 and Angular. This application will work for both Android and iOS and look great on both.
When you have a website that transmits information from a user to your server, it is very important to encrypt it. The last thing you want is someone’s password being sniffed by a malicious user when they register or sign in. By using Secure Sockets Layer (SSL), data is encrypted between client and server, preventing any malicious users from sniffing your password in plain text.
The following will help you install an SSL certificate on one of your Apache web server virtual hosts.