Gonçalo Valério @dethos@s.ovalerio.net

What can I say? And there is the possibility that not even your text editor will tell you that those characters are there.

medium.com/@umpox/be-careful-w

Presentation covering base security topics/concerns, accessible to a non-technical audience:

sudo.pagerduty.com/for_everyon

Nice intro to the steps that a penetration test goes through and some of the tools that could be used.

jdow.io/blog/2018/03/18/web-ap

RSS is still an important and very useful part of the open web, as this piece from Wired reminds its readers:

wired.com/story/rss-readers-fe

For those developing websites and "apps" using Django, it's easy to add support for RSS. You can check a recent blog post where I describe the steps here:

blog.ovalerio.net/archives/107

Design or decoration?

Designers, developers, engineers… are you building tools that just empower people or shiny, addictive traps that farm them? Are you part of the problem or the solution?

(And, more importantly, what kind of world do you want to live in and are you contributing towards that?)

vimeo.com/243516363

#SurveillanceCapitalism #EthicalDesign

Developing or auditing smart-contracts for the Ethereum blockchain? Here is a set of tools that might make your life easier and your contracts safer.

blog.trailofbits.com/2018/03/2

An example of the amount of data that Facebook collects about users:

twitter.com/dylanmckaynz/statu

Similar/related experiences on the HN discussion: news.ycombinator.com/item?id=1

Note: Other companies might do the same, this is just an example.

Are you working on a SaaS project/company? Please take a look at the following security checklist:

sqreen.io/checklists/saas-cto-

It might prevent future regrets.

Nice intro about how to check for newly inserted data on the IPFS network, using its Rust crate:

gkbrk.com/2018/03/writing-a-si

Need to check how common a/your password is? This repository tries to answer that and other questions. It also aggregates several lists that you can use to do your own data analysis.

github.com/berzerk0/Probable-W

Some important aspects to take into account when building/working with a distributed team:

infoq.com/articles/10-lessons-

Not sure what is more shocking:

A CA having 23k private keys of their customers' certs and the CEO emailing them: blog.koehntopp.info/index.php/

A CA having a website which allows RCE as root, from a website input: arstechnica.com/information-te

I'm just speechless.

Adopting a new serverless/FaaS model for your app/service? Here is an overview of what changes and what you should pay attention to, regarding security.

infoq.com/articles/serverless-

Always important to save some time, to gradually fix and improve what has already been done.

medium.com/@ketacode/the-big-s

Nice post explaining the usage of async code in Python (asyncio) in practice, without diving into deeper implementation details.

aeracode.org/2018/02/19/python