Tes Engineering Blog

Musings of the Tes Engineering Team


Posts tagged with "security"

  1. Secure together: SnykCon 2020

    11 November, 2020

    I recently took two of my Tes training days to "attend" the inaugural SnykCon. It actually happened a few weeks ago, but thanks to it being a remote conference and recorded I was able to attend anyway, in my own timezone, without flying anywhere. Which I think is just fantastic. There was a good mix of content. I got exposed to some new ideas. Most talks were ~25 mins. tl;dr I would recommend the…

  2. Clickjacking explained

    10 November, 2020

    Clickjacking means that a user's click is hijacked for a different purpose. The user thinks they’re clicking on one thing, but in reality, their click is used to trigger something completely different. How's this possible? Let me explain. An example: a malicious actor Alison creates a landing page with a very attractive offer for clueless user Ursula. It's so attractive that Ursula can't help but…

  3. Authentication and Authorisation 101

    02 June, 2020

    A few months ago I gave a talk at a Node Girls and Women of Security meetup to share a few things I have learned about authentication and authorisation since joining our Security Engineering team at Tes. You can see the video of this talk here. This post summarises some of the key points made during the talk, alongside some sketch notes and code snippets from an example app. Authentication and…

  4. Interview: Life in the Security Engineering team

    12 May, 2020

    George Maddocks was in our Security Engineering team for 6 months. In a short video, he tells us about his role in the team and what he learnt. Security series overview At Tes, secure systems are important to us. We hold precious information in our products that we need to protect. In this series, we’ll be sharing some of the work we do: enabling our engineering teams to deliver software that is…

  5. 'With Great Power' - Making security documentation that matters

    10 May, 2020

    Series overview At Tes, secure systems are important to us. We hold precious information in our products that we need to protect. Our products are built and managed by independent squads that we trust to take responsibility for quality and delivery. We have a Security Engineering Team to help our delivery teams get security right. In this series, we’ll be writing about some of the work we do…

  6. Enabling a secure culture in engineering: the SecEng Team

    03 May, 2019

    A sense of separation has sometimes existed between Security and Development, as though the two are not inherently connected. Security considerations have always fed into the way we work at Tes, but without the right connections it can be easy to end up viewing security as an impediment to speedy delivery or vice versa. We started a Security Engineering team ('SecEng' if you like) to bridge this…

  7. Automated vulnerability checks and the end of NSP

    01 October, 2018

    Exploiting known vulnerabilities is still the number one way attackers compromise a system and is on the OWASP list of the Top 10 Most Critical Web Application Security Risks, so we’ve made automated vulnerability checking an important part of our development flow here at Tes. We’ve been using , a neat little command line tool from the Node Security Platform (NSP), to find known vulnerabilities…
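    The excerpt above is about making the known-vulnerability check part of the development flow rather than an occasional manual scan. Below is an added example (not code from the Tes post or from NSP) of the kind of gate that does that: it reads the report that `npm audit --json` produces and fails the build when any finding meets a severity threshold. Assumption: the report carries `metadata.vulnerabilities` with per-severity counts, as npm's JSON audit output has done since npm 6; the sample report and the package count in it are constructed.

```javascript
// Added example: a CI gate over the JSON report from `npm audit --json`.
// Severities in ascending order; the threshold names the lowest one that fails.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample report, trimmed to the fields the gate reads.
const SAMPLE_AUDIT = {
  metadata: {
    vulnerabilities: { info: 0, low: 2, moderate: 1, high: 1, critical: 0 },
    dependencies: 812,
  },
};

// Returns { ok, failing, counts }: ok is false when any severity at or above
// `threshold` has a non-zero count; failing lists those severities.
function auditGate(report, threshold = 'high') {
  const minIndex = SEVERITIES.indexOf(threshold);
  if (minIndex < 0) throw new Error(`unknown severity threshold: ${threshold}`);
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  const failing = SEVERITIES.slice(minIndex).filter((s) => (counts[s] || 0) > 0);
  return { ok: failing.length === 0, failing, counts: { ...counts } };
}

// Parses the raw text printed by `npm audit --json` and applies the gate.
// A malformed report fails closed: a build should not pass on a report it
// could not read.
function gateFromJson(text, threshold = 'high') {
  let report;
  try {
    report = JSON.parse(text);
  } catch (err) {
    return { ok: false, failing: [], counts: {}, error: `unreadable audit report: ${err.message}` };
  }
  return auditGate(report, threshold);
}

// One-line summary suitable for a CI log.
function summarise(result) {
  const tally = SEVERITIES.map((s) => `${s}=${result.counts[s] || 0}`).join(' ');
  return result.ok ? `audit gate passed (${tally})` : `audit gate FAILED on ${result.failing.join(', ')} (${tally})`;
}

console.log(summarise(auditGate(SAMPLE_AUDIT, 'high')));
```

In a pipeline the report would come from `npm audit --json > audit.json` and the gate would set a non-zero exit code on `ok === false`; the threshold is a team decision, and `moderate` is a common starting point once the existing backlog has been cleared.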

  8. Secure file uploads with redux-plupload, ClamAV and S3

    03 November, 2016

    We have recently added a new feature that allows a user to upload a file from our webpage. We implemented this using redux-plupload, ClamAV and S3 to satisfy the following requirements: the file should be uploaded from the client to avoid excessive memory use on the server while streaming files. the upload must be secure and the file must be stored securely (and ideally encrypted at rest). the…

  9. The things we trust to github

    15 February, 2016

    One of the issues of using public GitHub is that, well, it's public. Even with the layers of security, it's all your information 'out there'. Somewhere. However, it is a fact of life that we all use GitHub and many large and small companies choose the hosted GitHub option over hosting an in-house, expensive GitHub Enterprise environment. The problem is that developers and operations folks…

© Tes Engineering Team 2020 | All rights reserved