For years we’ve hyped the dangers of insecure software, but the hype is real and the stakes have never been higher. How many times have you heard that? It’s no secret that the line between security and development is blurring in the face of high-profile breaches, attacks and increasingly bold bad actors.

But does that mean you now need to be a security expert? If you’re hesitant to put on a security hat, and creating great software is what motivates you, that’s fine. But it’s never been more important that development be complementary to security.

No one wants their code…


Human hacking — commonly referred to as ‘social engineering’ — predates computers. How can you avoid being manipulated into disclosing information that should be kept close to the vest?

Whenever we hear of a cybersecurity incident, the first thing that many people picture is a dark-hooded hacker sitting behind a computer who has used their super l33t skills to penetrate the network of a company and take all the company’s data.

What occurs more commonly is a breakdown at the human level. Yes, we, the folks that use our computers and phones for everything from email and web surfing to banking and shopping, are the weakest link in the security chain. It’s not for lack of wanting to be secure. …


I mentioned in my first article that I was starting on a journey to better understand the security landscape and learn how security techniques and tools are used to protect systems. Soon after I published, I went off to look for a good training course that:

  • Provided a clear path and not a jumbled mesh of topics
  • Offered relevant techniques based on discussions I had with security people
  • Had positive feedback in the community
  • Had a good support structure
  • Offered flexibility in terms of schedule (i.e., self-paced)

Having a structured curriculum was a key factor in my choice. There are…


A number of people have asked me about my recent uptick in tweets relating to information security. Some even asked me if I had left web development. I honestly didn’t think anyone had noticed but looking back I can clearly see how my interest in the area has been featured in my tweet stream.

Let me say that I haven’t left web development. I still love the web and the awesomeness that can be built from it. For example I’m about to begin learning Vue.js for a new project at work and I’m really excited about getting into building a…


Since I’ve switched back to Windows 10 as my primary OS for web development, I’ve needed to think about how to effectively work with developers on *nix-based systems.

One thing that hit me recently is the differences in line feeds in source files. Windows will add a carriage return + line-feed (CRLF) to the end of every line of code, which becomes troublesome for OSes such as macOS & Linux, which simply expect a line-feed (LF). The result is really borked-looking files when opened in your favorite editor. Thankfully Git has solutions for this and they’re fairly straightforward.

At the Developer Level

If you…


I’ve been thinking a lot about the topic of “JavaScript Fatigue” and have had a number of exchanges with other developers about their opinions and, most importantly, their concerns. The post, How it feels to learn JavaScript in 2016, by Jose Aguinaga kicked off quite a bit of debate about what I feel has been a growing concern over the amount of tooling necessary to build web sites and applications. On one side you have many empathizing with the complexities of building JavaScript apps, while on the other you have many voicing their support for the evolution of web development.

I tweeted out my…


I’m learning to develop apps using Node.js and Express. My text of choice at the moment is Ethan Brown’s excellent book Web Development with Node & Express. It’s really been a great reference and Ethan has been so responsive to my questions. I seriously recommend it if you’re looking to get into Node development.

But as with any book that tries to cover a quickly evolving technology like Node.js, I’m finding hiccups that can lead to confusion and lost productivity. I don’t blame any author at all for this because it’s just the nature of projects like this that are…


Updated: 10/7/2016

I wanted to offer up what I felt were good books/resources to carry you through learning JavaScript.

Note that some resources will overlap between levels. That should be expected as some books cover a wide breadth of language features. Also, I am NOT covering blogs in this post, only books (print and online). If you think something’s missing, please add it to the comments below.

Also, I’m not saying that you need to read every book mentioned below. These are books that I’ve read over the years and found incredibly useful so I’m categorizing them to make it…


I use jQuery…a lot. It just makes JavaScript development much easier for me. Every so often, I may come across a site where I want to poke around and see what’s going on under the hood. In many cases, jQuery is being used so it’s simple to spark up Firebug and leverage jQuery to work with a document. While jQuery is very pervasive, there are still plenty of sites that don’t use it which forces me to go back to plain ‘ole JavaScript. …

Rey Bango

Tinkering in cybersecurity at Veracode and helping developers build secure software. Fortis Fortuna Adiuvat. Opinions are mine.
