1. The AppSec Newb’s Journey Part II: Lessons I’ve Learned

    In the AppSec Newb's Journey series, I want to provide a starting point for those who are interested in AppSec but may not know where to start. This is the second part of the blog series, so please read Part I if you haven't done so already.

    This past year has led me on an incredible voyage through the world of Application Security. I've had so many new experiences, gained so many skills and so much knowledge, and established a foundation for me to further build my career and passion. Naturally, this journey had many bumps, but that's necessary in any learning process. These are a few critical lessons that you should take to heart when starting out in this field. In no particular order…

  2. The Golden Circle

    When I joined nVisium this past summer, I thought, "Man! nVisium has it all!" The location, the vision, great coworkers, free snacks…. But you know what was missing? An awesome branding message reflective of an awesome startup. Something that would really show others who we are.

    In order to better grasp what this "something" might be, I turned to the people inside. But when talking about the company, everyone had a slightly different focus. The more technical consultants would often stress specific tools, whereas sales and marketing strategists would emphasize how we differ from our competitors. With so many different emphases, the message started to get muddled, so it was time to go back to the drawing board and come up with a concise and consistent image.

  3. Security Challenge, Universal Studios, and Authorization in AngularJS

    Ever since I was young, I think I have always been afraid of getting on roller coasters. Something about the notion of willingly subjecting myself to steep vertical drops while clinging onto a seatbelt for dear life never quite tickled my fancy. Of course, as luck would have it, most of my friends are roller coaster enthusiasts who thrive on the adrenaline rush of zooming through gravity-defying loop-de-loops…. And so, by majority rule, I found myself casually strolling through Universal Studios in Orlando, Florida, for a recent get-together.

    As we stood in line for one of the rides, I couldn’t help but wonder what was preventing someone from simply jumping to the front. Naturally, the inner tech nerd in me came out and I started to analyze the security mechanism they had implemented in order to prevent sneaky people like me from skipping the line.

  4. nVisium: The First Five Years

    Today, we hit the five year mark as a company. Five years in startup land feels like an eternity, to be honest. The first five years of building a business are intense. They require a ton of sacrifice: late nights, weekends, and sometimes holidays spent working on difficult projects. They require a careful balance between doing the right things for the future (what you are really trying to achieve) and fulfilling your short-term needs (having enough cash to run your business). Many of the decisions made early on have a significant impact on the quality, culture, and operations of your company as it continues to grow in size and complexity.

  5. The Balance Between UX and Security

    In my last post, I briefly talked about my initial experience of working as a designer in a security startup. I promised a follow-up post eventually—and here it is.

    A well-designed application has to strike a good balance between various components: aesthetics, usability, security, and so on. I used to think that if a system works well on the surface, it's okay even if it's flawed behind the scenes. As long as the users aren't able to tell, it's not a big issue. This logic, however, can only work in the short term. It fails miserably in the long term. There are many examples that could be covered under this topic, but for now I want to focus on one specialty of our team: web application security.

  6. Docker Cache: Friend or Foe?

    Docker is a new container technology that is taking DevOps by storm, with many companies moving their applications from virtual machines (VMs) to containers. What does Docker do? It lets you run many containers on the same host without them interfering with each other. But unlike VMs, which each run a complete operating system, Docker containers share the host's kernel, so each container holds only the files and tools its specific task needs. That is the advantage containers and Docker have over traditional VMs. For more information about how to get started with Docker, take a look at this great article:

    A Docker container is a running instance of a Docker image, and a Docker image is a file system made up of multiple layers stacked on top of one another. Docker builds an image by processing the Dockerfile one instruction at a time. Each instruction runs by first creating a temporary container on top of the layers produced so far. The instruction then executes inside that container, and the file-system changes it makes are committed as a new layer. The process continues until every instruction in the Dockerfile has run.

    Once the final image is created, the temporary containers are removed, but the intermediate layers are kept: they are the build cache. When you modify a Dockerfile and rebuild, Docker reuses cached layers until it reaches the first instruction whose inputs have changed (for a RUN instruction that means the command string itself; for COPY and ADD it means the contents of the files being copied). That instruction and every instruction after it are rebuilt, while the layers before it stay exactly as they were. This can be a good thing or a bad thing depending on how you structure your Dockerfile: a cached "RUN apt-get update" layer, for instance, never re-runs on its own, so a later install step works from stale package lists and silently misses security updates.
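    The "friend or foe" point comes down to what each instruction's cache key is and to the fact that a cache miss invalidates everything after it. The two Dockerfiles below are an added illustration and are not code from the nVisium post; the base image, the package names, and the application paths (/app, requirements.txt, run.sh) are assumptions chosen for the example.

```dockerfile
# Added example, not from the original post. Two Dockerfiles for the same
# (assumed) Python application, shown one after the other. Base image,
# package names and the /app paths are assumptions.

# ---- File 1: Dockerfile.naive -------------------------------------------
# FOE: "apt-get update" is its own layer. A RUN layer is a cache hit whenever
# the command text is unchanged, so this layer is reused forever. The install
# step then runs against stale package lists whenever it is edited, and when
# it is not edited it never re-runs at all, so security updates never land.
FROM python:3.12-slim
RUN apt-get update
RUN apt-get install -y curl ca-certificates
# Copying the whole tree before installing dependencies means any source
# edit invalidates this COPY and forces the (slow) pip install below to rerun.
COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt
CMD ["./run.sh"]

# ---- File 2: Dockerfile.cached ------------------------------------------
# FRIEND: update and install share one layer, so changing the package list
# also refreshes the package index; the lists are deleted afterwards so they
# do not ship in the image. --no-install-recommends keeps the layer (and the
# attack surface) small.
FROM python:3.12-slim
RUN apt-get update \
 && apt-get install -y --no-install-recommends curl ca-certificates \
 && rm -rf /var/lib/apt/lists/*
WORKDIR /app
# COPY is keyed on file content, so copying only the dependency manifest
# first lets the pip layer stay cached across ordinary source edits.
COPY requirements.txt /app/requirements.txt
RUN pip install --no-cache-dir -r /app/requirements.txt
# Source goes last: it changes most often, and nothing below it is expensive.
COPY . /app
CMD ["./run.sh"]
```

    Even the second form only re-runs its apt layer when that RUN line changes, so a long-lived image still drifts behind upstream security fixes. For release builds, force a full rebuild with "docker build --no-cache --pull ." so that both the base image and every package layer are fetched fresh.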

  7. Mandrill, Devise, and Mailchimp Templates

    nVisium is primarily known for its software security work. A lesser-known and emerging piece of nVisium's core business is software development (for nVisium products). As such, we will continue to discuss software security but will also publish blog posts on software development. This post is a purely development-focused, non-security blog post.

    This blog post assumes you are familiar with Ruby, Rails, and the Devise gem.