RFC Weekly - 6th November 2017

Web security workshop - work in progress

I mentioned a little while back a plan to produce a web security workshop. Slowly this is taking shape.

At a high level it is a collection of two projects - a target website and a hacker website.

The target website is intended to be a simple, but functional, website. By design it has a number of security flaws.

The hacker website exploits those flaws.

The intention is that a team of developers would work through the target site removing security flaws until the hacker website is no longer able to exploit the site.

Eventually, as the developers check in code changes, the website will go through a CD pipeline to be deployed, and the hacker exploits will be run against it automatically. I'm thinking a combination of TeamCity, Docker and Cypress.io for this.

The target website can be found at https://github.com/Red-Folder/SecretsRUs

The hacker website can be found at https://github.com/Red-Folder/WeHackSecrets

IR35 changes to come to private sector?

There seem to be a number of rumours that the IR35 changes applied to the public sector are to be applied to the private sector - with an announcement in the November budget, and the changes then applying from April 2018.

Roughly speaking, the change moves responsibility for IR35 liability to the employer.

I've mixed views on this.

I really like taking the ambiguity out of the situation. It should make a contractor's life easier and less risky.

In practice though, I doubt employers or agencies are going to be ready for it. We saw from the public sector that poorly thought out blanket decisions were made - in some cases resulting in acute shortages for the public sector (interestingly, HMRC seems to be one of those worst hit).

More following the budget.

Separation on brands

I've been considering lately splitting Red Folder Consultancy from me as a professional. This would be to provide clearer focus to prospective customers.

Red Folder Consultancy would be targeted at getting better ROI from Software Development and consultancy practices.

My professional profile, meanwhile, would be closer to the experience I have in handling legacy software and teams.

I'm likely to look at this next year once I've had a chance to think about it a bit more.

About the author:

Mark Taylor is an experienced IT Consultant passionate about helping his clients get better ROI from their Software Development.

He has over 20 years' Software Development experience - over 15 of those leading teams. He has experience in a wide variety of technologies and holds certifications in Microsoft Development and Scrum.

He operates through Red Folder Consultancy Ltd.