#107 Niall Merrigan, Hacking, Bug Bounties and Responsible Disclosure

Summary
Niall Merrigan, security researcher, tells me about bug hunting and the best hacks he has seen.

Details
Who he is, what he does. Bug hunting, crowd-sourcing the hunters, bug bounties, should you invite attacks on production, HackerOne and Bugcrowd. IoT is the most attacked software; smart cars, aircraft. security.txt. Responsible disclosure, what to do if you find a bug, Niall's experience when reporting a particular bug. Even when bugs are known and acknowledged they are not necessarily fixed; industrial control systems, hacks designed to kill. Is every hack a "sophisticated hack", the @mat hack. Are you a target for hacks. The most impressive hack Niall has seen. Physical access to a device, the Hak5 Rubber Ducky. Supply chain injection*. Hacking a cat.

* We recorded this episode before the Super Micro story broke.

Links
Niall's homepage
Niall's Twitter

Download mp3 of podcast

#106 Joe McBride, GraphQL for .NET

Summary
Joe McBride, creator of GraphQL .NET, tells me about his implementation of the GraphQL standard.

Details
Who he is, what he does. What GraphQL is, protocol agnostic, type safe. Why use GraphQL; queries, fields. How it is being used, some missing features. OData as a substitute for GraphQL. Why Joe built GraphQL.Net, the bus rule. How compliant GraphQL.Net is with the standard. The GraphQL UI. A practical example reducing the number of columns requested by the ORM. Unit testing. GraphQL as a backend for your frontend. Upcoming React conference in Nevada.

Links
GraphQL GitHub
Joe's Twitter
Joe's homepage

Download mp3 of podcast