Free Webinar: OWASP Top 10 2017 – 4/16/2017

Join a one-hour webinar discussing the OWASP Top 10 2017. It is currently in the release candidate stage, with a final version expected in the summer. There are two new items on the list this year. It’s a shame we see the same issues year after year with SQL injection and cross-site scripting still…

Packet Capturing with Go – GopherCon 2016

I had the privilege of presenting in Denver at GopherCon 2016 about packet capturing. You can find a detailed blog post with more information and code examples at DevDungeon.com. Additionally, there is a recording of the presentation you can find on YouTube: GopherCon 2016: John Leon – Packet Capture, Analysis, and Injection with Go

Most Developers Don’t Know Security

Too many developers lack adequate security training and education. Unless developers have been trained on the job or have gone out of their way to seek the training, chances are they have little to no security training. I interviewed a graduate once for a development position who had written a production web application for their…

Thinking Differently About Passwords

Password policies and judging password strength have been constant challenges. Computing power and cracking rigs are getting stronger while people’s password habits are staying the same or getting worse. We see the same common passwords and patterns. Password Habits Part of the problem with passwords is that people have formed common password habits. For example, many…