Some 12 or 13 years ago, I worked at a company that had a great developer library. Before the advent of the web, this was a great resource for coming up to speed on a variety of topics. Within this library, the company had purchased video tapes of training sessions, sessions at conferences, etc. I systematically checked out every video tape. I would watch them while I exercised on the treadmill. It was a great way to be exposed to new topics (and it made exercising something I looked forward to…)
With the advent of podcasts, I am getting many of the same benefits I received from watching those tapes. In addition to listening to podcasts while I exercise, I also listen to them while riding the bus and doing errands around the house and the yard. Even when the podcasts do not directly apply to what I am working on, they are a great resource. I often find myself pondering a comment or a topic mentioned — which at the time seemed to have no relevance to what I am working on — only to find that it is spurring my rethinking of some aspect of my current project.
With that in mind, I thought I would list the various business and technical podcasts that I listen to on a regular basis. I am excluding those general interest, science, news and hobby podcasts — which I enjoy immensely — but are outside of the topic of this blog.
Business Related Podcasts
APM: Marketplace Conversations from the Corner Office http://marketplace.publicradio.org/RSS/corneroffice.xml
MBA Podcasts http://podcast.timesonline.co.uk/rss/mba.rss
NPR Business Story of the Day http://www.npr.org/rss/podcast.php?id=1095
General Technology News
Buzz Out Loud from CNET http://www.cnet.com/i/pod/cnet_buzz.xml
CNET News.com daily tech news podcast http://news.com.com/2325-11424_3-0.xml
eWeek News and Views http://rssnewsapps.ziffdavis.com/audioblogs/eweek.xml
InfoWorld Daily Podcast http://weblog.infoworld.com/daily/podcast.xml
This Week in Tech http://leo.am/podcasts/twit
FLOSS Weekly http://leo.am/podcasts/floss
Quality Assurance & Software Engineering
Gray Matters Podcast http://feeds.feedburner.com/GrayMattersPodcast
Quality 101 http://feeds.feedburner.com/quality101
Software Engineering Radio http://se-radio.net/rss
The StickyMinds SoundByte Podcast http://feeds.feedburner.com/StickyMindsSoundByte
Security Related Podcasts
CNET News.com: Security Bites http://news.com.com/2325-12640_3-0.xml
Security Now! http://leo.am/podcasts/sn
Windows Weekly with Paul Thurrott http://leoville.tv/podcasts/ww.xml
I am on the lookout for resources that will help my team with security testing. Usually, security is not an item that is considered up front when planning the testing of an application. A project I am working on now was built from the ground up — so it did not / could not rely on the security infrastructure in place in existing applications. I went looking for a list of items to check and came across the Open Web Application Security Project (OWASP) site.
OWASP has a Top Ten project which is a list of what they consider the most critical web security flaws. It appears that it is updated on a yearly basis. There is a lot of detail available, but for a quick list of things to check in a web application, this page is the place to begin.
The 2006 OWASP Top Ten list of critical web security flaws is:
- Unvalidated Input
- Broken Access Control
- Broken Authentication and Session Management
- Cross Site Scripting
- Buffer Overflow
- Injection Flaws
- Improper Error Handling
- Insecure Storage
- Application Denial of Service
- Insecure Configuration Management
One of the projects I am working on is running in a new httpserver instance. One of the things that I have discovered is that many of the things that we put in place regarding web site security need to be recreated in this new application.
As a matter of course, I went to check if it was possible to get a directory listing of the images directory. I was able to do so. Looking at the structure of the site, I was able to get a directory listing of every subdirectory in the site. I needed to discuss with the developers why this is not a good idea. Tonight, I came across the following link that describes why this is a threat: [Directory Indexing] Threat Classification – Web Application Security Consortium
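The directory-listing check described above, as an added example that is not part of the original post: a small Python detector that flags HTTP response bodies that look like auto-generated index pages, so the check can be repeated across every directory path instead of by hand. The sample responses and the host name example.test are constructed, not captured from any real site.

```python
import re

# Constructed sample responses (not from any real site). They mimic the listing
# pages common servers emit when directory indexing is left enabled, plus one
# ordinary page that must not be flagged.
SAMPLE_RESPONSES = {
    "/images/": "<html><head><title>Index of /images</title></head>"
                "<body><h1>Index of /images</h1><pre><a href='logo.png'>logo.png</a>"
                "<a href='banner.gif'>banner.gif</a></pre></body></html>",
    "/css/": "<html><head><title>example.test - /css/</title></head>"
             "<body><h1>example.test - /css/</h1><hr>"
             "2007-07-09 10:00 AM 1234 <a href='/css/site.css'>site.css</a></body></html>",
    "/": "<html><head><title>Welcome</title></head><body><p>Home page</p></body></html>",
}

# Signatures of auto-generated listings. The "Index of /path" form is what
# Apache and nginx produce; the "host - /path/" title form is what IIS produces.
# These are heuristics: a hit should be confirmed by looking at the page.
LISTING_PATTERNS = [
    re.compile(r"<title>\s*Index of\s*/", re.IGNORECASE),
    re.compile(r"<h1>\s*Index of\s*/", re.IGNORECASE),
    re.compile(r"<title>[^<]* - /[^<]*/\s*</title>", re.IGNORECASE),
]


def looks_like_directory_listing(body: str) -> bool:
    """True if the response body matches any known directory-index signature."""
    return any(pattern.search(body) for pattern in LISTING_PATTERNS)


def find_exposed_directories(responses: dict) -> list:
    """Return the paths (in input order) whose response looks like a directory index."""
    return [path for path, body in responses.items() if looks_like_directory_listing(body)]


if __name__ == "__main__":
    for path in find_exposed_directories(SAMPLE_RESPONSES):
        print(f"directory listing enabled: {path}")
```

Against a live site, SAMPLE_RESPONSES would be replaced by the bodies fetched for each directory path under test; the fix on the server side is to disable indexing (for example `Options -Indexes` in Apache or `autoindex off;` in nginx).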
I am always looking for conferences / training opportunities close to where I work. A staple is the Pacific Northwest Software Quality Conference held in Portland. This year's conference will be the 25th annual event. PNSQC recently announced the keynote speakers for the 2007 conference (October 8-10, 2007): Johanna Rothman and Hugh Thompson. As usual, I recommend this conference highly.
I recently saw an announcement for a conference that will be held in Bellevue, WA on July 9-11, 2007. The 2nd annual Conference of the Association for Software Testing will have Esther Derby, Keith Stobie, Lee Copeland and Harry Robinson as keynote speakers. Looks like it could be a good one.