OWASP Broken Authentication and Session Management

Session
- Session hijacking
  - Anti-pattern: session ID in plain text (ref: cross-site scripting (XSS))
- Session fixation (the attacker creates a valid session and tries to get the target to use it)
  - Anti-pattern: authenticating an existing session
  - Pattern: generate a new session ID when (re)authenticating
- Session prediction
  - Anti-pattern: session IDs based on the user's own data
  - Anti-pattern: sequential session IDs
  - Just because a session ID looks random does not mean it is random
- Guidelines for handling session IDs !...

September 10, 2022

OWASP Sensitive Data Exposure

Sensitive Data Exposure: all the valuable things people can steal from you or use against you, e.g. credit cards, medical records, insurance files, purchasing data, emails.
- Pattern: applications request data encryption keys, which are themselves encrypted.
- Anti-pattern: don't leave decryption keys lying around where an attacker could retrieve them (e.g. in memory).
  - AWS Cloud: use AWS Key Management Service (KMS)
  - On premise: HashiCorp Vault
- Anti-pattern: half-heartedly using an encryption tool you picked...

September 10, 2022

Model: Tuckman's Performance Model - forming, storming, norming, performing

(src: Book: Team Topologies - Matthew Skelton & Manuel Pais) Each stage has its own common feelings, behaviours and team tasks. The feelings and behaviours are useful for recognizing which stage you're in, and to confirm that it is completely okay to feel and behave this way! (src: Article: Using the Stages of Team Development, MIT Human Resources)

September 5, 2022

Model: 5 kinds of test doubles

"The vocabulary for talking about this soon gets messy - all sorts of words are used: stub, mock, fake, dummy." Test Double: the generic term for any kind of pretend object used in place of a real object for testing purposes. Five particular kinds of double:
(1) Dummy objects: passed around but never actually used, e.g. to fill parameter lists.
(2) Fake objects: working implementations with a shortcut that makes them unsuitable for production, e.g....

September 2, 2022

Model: seven forms of waste in manufacturing

Model: seven forms of waste in manufacturing (src: Book: This is LEAN - Niklas Modig & Par Ahlstrom)

August 31, 2022