Wherein I recap the things I’ve done and learned this year as a software developer (mainly at work). I’ve fixed many bugs and uttered many curses. Through it all I’ve constantly strived to make the code a better place.
Amazon Web Services
Video encoding instances Launch/Start when there’s a backlog, and Stop/Terminate when there’s not. Said goodbye to Amazon SQS for job queues, and hello to Redis. Hello consistency and speed.
You’ll be vulnerable if the following are true:
1. You’ve got a webapp that accepts user input
2. You use strip_tags() or similar to sanitize fields
3. You don’t explicitly remove less-than or greater-than characters from those fields (PHP’s strip_tags won’t remove a partial “<script” tag)
4. Values from two or more of these fields are printed close to each other in the output HTML, with little or no markup between them

The fourth item is tricky … The markup between the field values must not contain any quotes (the quotes would prematurely close the script tag injection attempt).
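
The four conditions above can be turned into a regression check. This is an added example, not code from the original post: it renders two field values next to each other, once with tag stripping only and once with output encoding, and parses the result to see whether a tag appears that the template never contained. Assumptions: `strip_complete_tags` is a simplified stand-in for the stripping behaviour described above (not PHP's `strip_tags()` itself), and the `<p>` template, function names and sample values are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumption: a stand-in sanitizer that removes complete tags only and
# leaves a partial tag such as "<script" in place, as the post describes.
COMPLETE_TAG = re.compile(r"<[^<>]*>")

def strip_complete_tags(value):
    return COMPLETE_TAG.sub("", value)

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in a fragment."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def unexpected_tags(rendered, allowed=("p",)):
    """Start tags in the rendered output that the template did not contain."""
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    return [t for t in collector.tags if t not in allowed]

def render_stripped(first, last):
    # Weak form: tag stripping only, two values separated by a space.
    return "<p>%s %s</p>" % (strip_complete_tags(first), strip_complete_tags(last))

def render_encoded(first, last):
    # Hardened form: encode < > & and quotes for the HTML context at output.
    return "<p>%s %s</p>" % (escape(first, quote=True), escape(last, quote=True))

# Constructed sample input: each value alone contains no complete tag.
FIRST = "Ann <script"
LAST = "x>"

if __name__ == "__main__":
    for render in (render_stripped, render_encoded):
        html_out = render(FIRST, LAST)
        print(render.__name__, html_out, unexpected_tags(html_out))
```

Run over a page's real templates, a non-empty `unexpected_tags` result for the stripped rendering marks the places where adjacent fields need output encoding.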