InfoSec for Developers is a developer resource for all things Encryption and InfoSec. No FUD. Just Stuff. Secure REST APIs From Common Attack Vectors 4 easy ways to secure REST APIs from common attack vectors. Protecting Against Cyberattackers Podcast: James Kaplan, cybersecurity practice lead at McKinsey Expert Speak - Michael McBryde InfoSec expert answers 5 #Developer #Security Questions. Multi-Tenant SaaS with PostgreSQL Best practices for multi-tenant SaaS access with PostgreSQL. Expert Speak - Adam Shostack InfoSec expert Adam Shostack answers 5 #Developer #Security Questions. Virtual IP Failover For PostgreSQL In AWS How to achieve virtual IP failover for PostgreSQL in AWS environment JWT vs JWS vs JWE What is the difference and when to use which. Expert Speak - Ben Rothke InfoSec expert answers 5 #Developer #Security Questions. Attack Vectors Against Identity Data Whitepaper that lists most prevalent attack vectors against identity data, and how to enable protection against these attack vectors. 5 Tips to Secure PostgreSQL Protect your PostgreSQL database from nasty breaches and hacking attacks. AWS Security Best Practices Get top 5 best practices to ensure complete security of your AWS cloud. Expert Speak - Michael McCabe InfoSec expert answers 5 #Developer #Security Questions. How To Prevent jQuery and Cross-Site Scripting Learn how to prevent the vulnerability due to stored XSS using input validation and output escaping. AWS Shared Responsibility Model for Data Security Whitepaper that tells app developers what they should know about the AWS Shared Responsibility Model for Data Security. You’re A Startup. How Should You Do Data Security? 8 Data Security Must-Haves for startups that are always low on time, money, dev hours and especially sys-admin hours. Encryption Errors That Developers Should Avoid Encryption can alleviate the impact of security breaches; but it has to be done right. HSTS: Why Needed and How To Configure Why developers need HTTP Strict Transport Security (HSTS) and how to configure it. Bring Your Own Encryption Keys Bring Your Own Keys (BYOK) for encryption model brings in trust into SaaS. To Encrypt or Not To Encrypt? 5 True Answers that bust the myths around encryption and conclusively answers the question - To Encrypt of Not to Encrypt.