diff --git a/input/pages/about.md b/input/pages/about.md index 6af541a..b839d08 100644 --- a/input/pages/about.md +++ b/input/pages/about.md @@ -10,4 +10,4 @@ I also have a reasonably significant academic background. I hold a PhD in Compu Just in case you're curious, these days I mostly spend my time working at paid employment (or, while unemployed, some personal projects I'm tinkering with), or reading computer science/programming/software development textbooks.[^1] To prove I'm not *completely* boring, I used to be fairly heavily involved with [NZLARPS](https://nzlarps.org/), but have been too caught up in doctoral studies in the past few years. I do still attend a weekly tabletop roleplaying game, thanks to the [Auckland Roleplaying Guild](https://aucklandrpg.nz/). Wait, that might not be proof non-boring-ness... -[^1]: One day I will get around to putting up a listing of what I have read, and probably include brief reviews also. +[^1]: One day I *might* get around to putting up a listing of what I have read, and probably include brief reviews also. diff --git a/input/posts/OWASPJuiceShopDeployingSecuring/One.md b/input/posts/OWASPJuiceShopDeployingSecuring/One.md index a77f201..ef4dca3 100644 --- a/input/posts/OWASPJuiceShopDeployingSecuring/One.md +++ b/input/posts/OWASPJuiceShopDeployingSecuring/One.md 
@@ -48,7 +48,7 @@ I also hope to explore using further cloud ecosystems than just AWS—especially ## Security -The real main focus of this self-inflicted project is to explore securing a web application. For this purpose, I roughly plan to follow the typical flow of going from planning through to development, building and deployment etc. So, that should mean starting with exercises such as attempting threat modelling, to applying SAST tools where they offer a [free version for open source](https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools), to applying DAST, to securing the cloud deployment. One other thing I specifically hope to look into is both generating Software Bills of Material ([SBOMs](https://owasp.org/www-community/Component_Analysis#software-bill-of-materials-sbom))[^SaasBOM] automatically, the tooling around that (e.g. OWASP's [DependencyCheck](https://owasp.org/www-project-dependency-check/) and [DependencyTrack](https://owasp.org/www-project-dependency-track/)), and going from there to using the SLSA framework. +The real main focus of this self-inflicted project is to explore securing a web application. For this purpose, I roughly plan to follow the typical flow of going from planning through to development, building and deployment etc. So, that should mean starting with exercises such as attempting threat modelling, to applying SAST tools where they offer a [free version for open source](https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools), to applying DAST, to securing the cloud deployment. One other thing I specifically hope to look into is both generating Software Bills of Material ([SBOMs](https://owasp.org/www-community/Component_Analysis#software-bill-of-materials-sbom))[^SaasBOM] automatically, the tooling around that (e.g. 
OWASP's [DependencyCheck](https://owasp.org/www-project-dependency-check/) and [DependencyTrack](https://owasp.org/www-project-dependency-track/)), and going from there to using the [SLSA framework](https://slsa.dev/). I'm very open to suggestions of specific other tools to explore! diff --git a/input/posts/test.md b/input/posts/test.md new file mode 100644 index 0000000..b14d791 --- /dev/null +++ b/input/posts/test.md @@ -0,0 +1,9 @@ +Title: A Test Blog Post +Lead: To check if the Statiq Generator is working at all +Published: 11-07-2023 +Tags: + +- Test test +- El Salvador + +--- \ No newline at end of file
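Review bot: in the `input/pages/about.md` hunk (`@@ -10,4 +10,4 @@`), the unchanged context line directly above the edited footnote reads "that might not be proof non-boring-ness...", which is missing "of". Since this commit already touches that paragraph's footnote, consider fixing the sentence in the same change: "that might not be proof of non-boring-ness...".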
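Review bot: in the `input/posts/OWASPJuiceShopDeployingSecuring/One.md` hunk (`@@ -48,7 +48,7 @@`), the rewritten sentence still introduces its list with "both" but then names three things: generating SBOMs automatically, the tooling around that, and going from there to SLSA. Dropping "both" while the line is being edited anyway would make the sentence read correctly.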
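Review bot: in the new `input/posts/test.md`, `Published: 11-07-2023` is ambiguous between day-month and month-day order, so the post's date depends on how the generator's locale parses it. An ISO 8601 date (YYYY-MM-DD) would remove the guesswork. The file also ends at the closing `---` with no body and no trailing newline ("\ No newline at end of file"). And because it sits under `input/posts/` beside the real posts, it looks like it would be published with them, so consider leaving it out of this commit or removing it once the generator is confirmed to work.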