add a few aws lambda resources

mattmakai · mattmakai · commit aa20766eb8a8 · 2018-12-15T10:48:02.000-05:00
diff --git a/content/pages/04-web-development/53-stripe.markdown b/content/pages/04-web-development/53-stripe.markdown
@@ -22,6 +22,11 @@ for processing payments.
 * [Switching from Braintree to Stripe](https://www.deekit.com/braintree-to-stripe/)
   covers one development team's experience with moving payment providers.
 
+* [Dirt Cheap Recurring Payments with Stripe and AWS Lambda](http://normal-extensions.com/2017/05/05/simple-recurring/)
+  explains how to use the Stripe API with [AWS Lambda](/aws-lambda.html)
+  to handle recurring payments instead of using a more expensive service 
+  like Chargify or Recurly if you only have minimal requirements.
+
 
 ### Resources about Stripe
 * [How Stripe Designs Beautiful Websites](https://www.leejamesrobinson.com/blog/how-stripe-designs-beautiful-websites/)
@@ -32,3 +37,4 @@ for processing payments.
 * [Creating a Culture of Observability](http://onemogin.com/observability/stripe/culture/monitoring/monitorama/creating-a-culture-of-observability.html)
   is a technical talk about monitoring systems at scale. The presenter works
   at Stripe so much of his 
+
diff --git a/content/pages/04-web-development/56-web-app-security.markdown b/content/pages/04-web-development/56-web-app-security.markdown
@@ -38,6 +38,9 @@ request forgery and usage of public-private keypairs.
   testing tool for checking firewalls to ensure they are protecting the
   appropriate ports and payloads.
 
+* [Security monkey](https://github.com/Netflix/security_monkey) monitors for
+  changes to AWS, Google Cloud, GitHub and other infrastructure systems.
+
 
 ### Specific vulnerabilities
 * [httpoxy](https://httpoxy.org/) is a set of vulnerabilities that can affect
@@ -110,6 +113,10 @@ resources can also give you a good overview of how HTTPS works.
   as well as what stage and size company it is recommended that you put those
   procedures in place.
 
+* [Reckon you've seen some stupid security things? Here, hold my beer...](https://www.troyhunt.com/reckon-youve-seen-some-stupid-security-things-here-hold-my-beer/)
+  provides hilarious, and terribly sad, security vulnerabilities and weaknesses
+  around encryption and password storage.
+
 * This page contains a
   [fantastic curated list of security reading material](http://dfir.org/?q=node/8/)
   from beginning to advanced topics.
@@ -125,7 +132,6 @@ resources can also give you a good overview of how HTTPS works.
   is a great list of password cracking, scanning, sniffing and other security
   penetration testing tools.
 
-* [Security Tips from Apache](http://httpd.apache.org/docs/current/misc/security_tips.html)
 
 * The EFF has a well written overview on 
   [what makes a good security audit](https://www.eff.org/deeplinks/2014/11/what-makes-good-security-audit). It's broad but contains some of their behind the
@@ -144,6 +150,12 @@ resources can also give you a good overview of how HTTPS works.
 * [Crypto 101](https://www.crypto101.io/) is an introductory course on
   cryptography for programmers.
 
+* The first answer to the question
+  ["Why are salted hashes more secure for password storage?"](https://security.stackexchange.com/questions/51959/why-are-salted-hashes-more-secure-for-password-storage)
+  on Stack Overflow gives a wonderful explanation for why this is an
+  important technique to use to keep your database passwords and other
+  secrets more secure if the hashed strings are leaked.
+
 * [An in-depth analysis of SSH attacks on Amazon EC2](http://getprismatic.com/story/1409447605839)
   shows how important it is to secure your web servers, especially when they are
   hosted in IP address ranges that are commonly scanned by malicious actors.
diff --git a/content/pages/04-web-development/57-sql-injection.markdown b/content/pages/04-web-development/57-sql-injection.markdown
@@ -0,0 +1,27 @@
+title: SQL Injection
+category: page
+slug: sql-injection
+sortorder: 0457
+toc: False
+sidebartitle: SQL Injection
+meta: SQL Injection is a web application vulnerability category that can affect both relational and NoSQL databases.
+
+
+# SQL Injection
+SQL injections are a category of web application security vulnerabilities that 
+can affect both [relational databases](/databases.html) and 
+[NoSQL data stores](/no-sql-datastore.html).
+
+
+### SQL Injection resources
+* [How security flaws work: SQL injection](https://arstechnica.com/information-technology/2016/10/how-security-flaws-work-sql-injection/)
+  is an approachable primer on the history and danger of how unsanitized
+  inputs to a database work.
+
+* [Preventing SQL injections](https://tapoueh.org/blog/2018/11/preventing-sql-injections/)
+  provides a [PostgreSQL](/postgresql.html) and psycopg2 example for how
+  to avoid getting bit by a SQL injection vulnerability.
+
+* [Securing your site like it's 1999](https://24ways.org/2018/securing-your-site-like-its-1999/)
+  covers a bunch of common web application vulnerabilities including
+  SQL injection.
diff --git a/content/pages/05-deployment/39-aws-lambda.markdown b/content/pages/05-deployment/39-aws-lambda.markdown
@@ -13,7 +13,7 @@ is a compute service that executes arbitrary Python code in response
 to developer-defined AWS events, such as inbound API calls or file 
 uploads to [AWS' Simple Storage Service (S3)](https://aws.amazon.com/s3/).
 
-<a href="https://aws.amazon.com/lambda/" style="border:none"><img src="/img/logos/aws-lambda.jpg" width="100%" alt="AWS Lambda logo." class="technical-diagram" style="border-radius:6px"></a>
+<a href="https://aws.amazon.com/lambda/" style="border:none"><img src="/img/logos/aws-lambda.jpg" width="100%" alt="AWS Lambda logo." class="shot outl rnd"></a>
 
 
 ## Why is Lambda useful?
@@ -28,7 +28,7 @@ configuring servers, deploying their code and scaling based on traffic.
 Lambda only had support for JavaScript, specifically Node.JS, when it was 
 first released in late 2014. Python 2 developers were welcomed to the 
 platform less than a year after its release, in October 2015. Lambda now 
-has support for both Python 2.7 and 3.6.
+has support for both Python 2.7, 3.6 and 3.7.
 
 
 ### Python-specific AWS Lambda resources
@@ -49,14 +49,24 @@ has support for both Python 2.7 and 3.6.
   for SQL injection vulnerabilities in serverless functions on AWS Lambda.
 
 * [Building Scikit-Learn For AWS Lambda](https://serverlesscode.com/post/scikitlearn-with-amazon-linux-container/)
+  follows up on the 
+  [Using Scikit-Learn In AWS Lambda](https://serverlesscode.com/post/deploy-scikitlearn-on-lamba/)
+   post which shows how to perform scientific computing with Python
+   packages on AWS Lambda.
 
-* [Code Evaluation With AWS Lambda and API Gateway](https://realpython.com/blog/python/code-evaluation-with-aws-lambda-and-api-gateway/) shows how to develop a code evaluation API, to execute arbitrary code, with AWS Lambda and API Gateway.
+* [Creating Serverless Functions with Python and AWS Lambda](https://hackernoon.com/creating-serverless-functions-with-python-and-aws-lambda-901d202d45dc)
+  explains how to use the [Serverless framework](https://serverless.com/)
+  to build Python applications that can be deployed to AWS Lambda.
 
+* [Code Evaluation With AWS Lambda and API Gateway](https://realpython.com/blog/python/code-evaluation-with-aws-lambda-and-api-gateway/) 
+  shows how to develop a code evaluation API, to execute arbitrary code, with AWS Lambda and API Gateway.
 
-### General AWS Lambda resources
-* [The Serverless Start-Up - Down With Servers!](http://highscalability.com/blog/2015/12/7/the-serverless-start-up-down-with-servers.html)
 
+### General AWS Lambda resources
 * [AWS Lambda Serverless Reference Architectures](http://www.allthingsdistributed.com/2016/06/aws-lambda-serverless-reference-architectures.html)
+  provides blueprints with diagrams of common architecture patterns that
+  developers use for their mobile backend, file processing, stream
+  processing and web application projects.
 
 * The 
   [AWS Lambda tag](https://aws.amazon.com/blogs/aws/category/aws-lambda/)
@@ -70,3 +80,12 @@ has support for both Python 2.7 and 3.6.
   is an awesome real-world story with the architecture behind a serverless
   AWS Lambda application deployment at Nordstrom.
 
+* [How was your experience with AWS Lambda in production?](https://news.ycombinator.com/item?id=14601809)
+  has a good discussion of some of the benefits and issues that developers
+  had as of mid-2017 with using Lambda for production applications.
+
+* [Passwordless database authentication for AWS Lambda](https://cloudonaut.io/passwordless-database-authentication-for-aws-lambda/)
+  shows how to use a MySQL backend from your Lambda functions.
+
+* [How does language, memory and package size affect cold starts of AWS Lambda?](https://read.acloud.guru/does-coding-language-memory-or-package-size-affect-cold-starts-of-aws-lambda-a15e26d12c76)
+  investigates the performance implications of various Lambda settings.
diff --git a/theme/templates/choices/sql-injection.html b/theme/templates/choices/sql-injection.html
@@ -0,0 +1,18 @@
+<h3>What web development topic do you want to learn about next?</h3>
+<div class="row">
+ <div class="c4">
+  <div class="well select-next">
+   {% include "choices/buttons/databases.html" %}
+  </div>
+ </div>
+ <div class="c4">
+  <div class="well select-next">
+   {% include "choices/buttons/web-application-security.html" %}
+  </div>
+ </div>
+ <div class="c4">
+  <div class="well select-next">
+   {% include "choices/buttons/logging.html" %}
+  </div>
+ </div>
+</div>
diff --git a/theme/templates/choices/web-application-security.html b/theme/templates/choices/web-application-security.html
@@ -1,18 +1,18 @@
 <h3>What web development topic do you want to learn about next?</h3>
 <div class="row">
-    <div class="c4">
-        <div class="well select-next">
-            {% include "choices/buttons/web-analytics.html" %}
-        </div>
-    </div>
-    <div class="c4">
-        <div class="well select-next">
-            {% include "choices/buttons/api-integration.html" %}
-        </div>
-    </div>
-    <div class="c4">
-        <div class="well select-next">
-            {% include "choices/buttons/logging.html" %}
-        </div>
-    </div>
+ <div class="c4">
+  <div class="well select-next">
+   {% include "choices/buttons/web-analytics.html" %}
+  </div>
+ </div>
+ <div class="c4">
+  <div class="well select-next">
+   {% include "choices/buttons/api-integration.html" %}
+  </div>
+ </div>
+ <div class="c4">
+  <div class="well select-next">
+   {% include "choices/buttons/logging.html" %}
+  </div>
+ </div>
 </div>
diff --git a/theme/templates/table-of-contents.html b/theme/templates/table-of-contents.html
@@ -136,7 +136,7 @@ <h4>4.12 <a href="/api-integration.html">API integration</a></h4>
 <div class="tc tds"><a href="/slack.html">Slack</a></div>
 <div class="tc tds"><a href="/okta.html">Okta</a></div>
 <h4>4.13 <a href="/web-application-security.html">Web application security</a></h4>
-<div class="tc tds sn">SQL injection</div>
+<div class="tc tds"><a href="/sql-injection.html">SQL injection</a></div>
 <div class="tc tds sn">Cross Site Request Forgery</div>
 </div>
 
