shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

264
active users

#SecureCoding

0 posts0 participants0 posts today
Tanya Janca | SheHacksPurple :verified: :verified:<p>5,000 subscribers for my monthly newsletter, wow! Thank you, all of you, for learning about <a href="https://infosec.exchange/tags/securecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securecoding</span></a> and <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a> with me! 🥰 The newsletter has come a long way since 2018! </p><p>Join free, here: <a href="https://twp.ai/4io3cd" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">twp.ai/4io3cd</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/applicationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applicationsecurity</span></a></p>
Tanya Janca | SheHacksPurple :verified: :verified:<p>5,000 subscribers for my monthly newsletter, wow! Thank you, all of you, for learning about <a href="https://infosec.exchange/tags/securecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securecoding</span></a> and <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a> with me! 🥰 The newsletter has come a long way since 2018! </p><p>Join free, here: <a href="https://twp.ai/4iokiv" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">twp.ai/4iokiv</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/applicationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applicationsecurity</span></a></p>
Tanya Janca | SheHacksPurple :verified: :verified:<p>With 25+ presentations to choose from, I cover everything from <a href="https://infosec.exchange/tags/securecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securecoding</span></a> and <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodeling</span></a> to AI risks and <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a>—always with humor, clarity, and actionable takeaways.</p><p>💡 These aren’t just talks—they’re lessons your team will remember.</p><p><a href="https://twp.ai/9PSP09" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">twp.ai/9PSP09</span><span class="invisible"></span></a></p><p>2/3</p>
Tanya Janca | SheHacksPurple :verified: :verified:<p>5,000 subscribers for my monthly newsletter, wow! Thank you, all of you, for learning about <a href="https://infosec.exchange/tags/securecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securecoding</span></a> and <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a> with me! 🥰 The newsletter has come a long way since 2018! </p><p>Join free, here: <a href="https://twp.ai/4imzF9" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">twp.ai/4imzF9</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/applicationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applicationsecurity</span></a></p>

Is Node.js the future of backend development, or just a beautifully wrapped grenade?

Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.

Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.

Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.

I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

So I wonder:
Is this the future? Or am I just… old?

Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.

"(In)Secure C++" live public online training Aug 8th - 11th (CET)

In this 4-day training I teach how C and C++ applications can be exploited, and how you can find vulnerabilities that can be exploited. Frequently referred to as the "best training I have ever attended" by students.

Sign up, seats are limited. 20% discount on bookings of 2 or more seats, example: 2000€ for one seat, 3200€ for two.

#cpp #securecoding #hacking
turtlesec.no/blog/insecure-cpp

TurtleSec(In)Secure C++Understanding Exploitation to Find and Fix Vulnerabilities