Podcasts about aws cognito

Сегодня мы обсуждаем одну из самых не простых тем в мире AWS — аутентификацию и авторизацию. Вместе с нашим гостем, Artsiom Rachytski, Senior Solutions Architect AWS, мы разберем эти непростые, но очень важные понятия. Разобрали: Что такое аутентификация: современные подходы, OAuth и JWT (SAML 2.0.) Как можно реализовать аутентификацию в приложении с помощью Cognito: Hosted UI, SDK, API Cognito User Pools vs Identity Pools Кастомизация в Cognito и интеграция с сервисами AWS на примере API Gateway Как не нужно кастомизировать: лимиты в Cognito Чем авторизация отличается от аутентификации Почему Cognito не решает задачу авторизации и какой сервис ее решает (Amazon Verified Permissions) Если вам показалось мало, вот тут можно посмотреть и почитать больше RBAC с Amazon Cognito через интеграцию с внешним IdP: https://aws.amazon.com/blogs/security/role-based-access-control-using-amazon-cognito-and-an-external-identity-provider/ Видео с ANZ Summit 2022: Application Identity с помощью Amazon Cognito: https://www.youtube.com/watch?v=8xmJv1f9WLk 

In today's episode, we delve into the surprising world where competitors and third parties outshine original services in documentation, with notable examples like Auth0 and AWS Cognito, and Logz.io's take on Elasticsearch. We also explore ServiceNow's impressive performance boost, fueled by generative AI. The episode further unpacks the future of software engineering as predicted by Gartner and the pivotal role of developer advocacy in ethical technology. Join us for a comprehensive discussion on the evolving landscape of tech development and corporate investment in AI.Stay updated with new weekly episodes every Thursday – and don't forget to subscribe! For more behind-the-scenes content, follow us @justshiftleft on Facebook, Instagram, Twitter, and LinkedIn.

We've got a mix of topics this week, started with a bit of discussion around the recent Rapid Reset denial of service attack, before diving into a few vulnerabilities. A Node "permissions" module escape due to having a fail-open condition when unexpected but supported types are passed in. Then we talk about some common AWS Cognito issues, a fun little privilege escalation in Confluence, and a log injection bug leading to RCE. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/219.html [00:00:00] Introduction [00:00:15] HTTP/2 Rapid Reset Attack [CVE-2023-44487] [00:04:35] [Node] Path traversal through path stored in Uint8Array [00:09:44] Attacking AWS Cognito with Pacu [00:14:33] Privilege Escalation Vulnerability in Confluence Data Center and Server [CVE-2023-22515] [00:21:15] Not Your Stdout Bug - RCE in Cosmos SDK The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec

Google Cloud Security Assessment from a pentester's lens. Anjali from NotSoSecure will be sharing her research into Google Cloud IAP & finding ways to assess the use of Google Cloud IAP in your environment and what are some of the low hanging fruits that you can remove today to reduce any potential risk from the service to your Google Cloud environment. Episode YouTube Video Link Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠) Guest Socials: Anjali S's Linkedin (Anjali S) Podcast Twitter - ⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠ - ⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠ Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on ⁠⁠⁠⁠⁠snyk.io/csp⁠⁠⁠⁠⁠ (00:00) Introduction (04:31) A bit about Anjali Shukla (05:23) What is GCP IAP? (07:18) Why is IAP so important? (09:55) IAP and Identity Federation (11:34) SSH vs Jump Box (13:57) GCP IAP vs AWS Cognito (16:22) Misconfigurations in GCP IAP (23:17) Potential security scenarios (25:45) Cloud Security Assessment in GCP (28:13) Doing your own cloud security assessment (30:49) The Fun Questions See you at the next episode!

Jim and Jeff talk with Sarah Cecchetti, Head of Product for AWS Cognito and co-founder and board member of IDPro, about managing IAM teams, products, projects, and everything in between. Connect with Sarah: https://www.linkedin.com/in/sarahcecchetti/ IDPro: https://idpro.org/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

This is a special episode recorded live during a live coding session on YouTube (2022-09-28). The audio-only experience might not be the best one, so if you are curious to see the video and enjoy our diagrams and screen sharing, please check this episode on YouTube: https://youtu.be/b-FoqIcOcPw. How can you build a WeTransfer or a Dropbox Transfer clone on AWS? This is our sixth (and last!) live coding stream. In this episode, we completed the authentication layer for our file transfer application. Specifically, we completed the OAuth 2 device flow on top of AWS Cognito and updated the weshare CLI application to support this new authentication flow. We also added an authorization layer in front of our file upload API. All our code is available in this repository: https://github.com/awsbites/weshare.click In this episode we mentioned the following resources: GitHub PR with the final OAuth 2.0 device flow step: https://github.com/awsbites/weshare.click/pull/2 jwtinfo CLI tool: https://github.com/lmammino/jwtinfo enquirer package: https://npm.im/enquirer undici HTTP client package: https://npm.im/undici open package to open the browser at a specific URL: https://npm.im/open ora: animated spinner package: https://npm.im/ora conf package for persisting user settings: https://npm.im/conf You can listen to AWS Bites wherever you get your podcasts: - Apple Podcasts: https://podcasts.apple.com/us/podcast/aws-bites/id1585489017 - Spotify: https://open.spotify.com/show/3Lh7PzqBFV6yt5WsTAmO5q - Google: https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy82YTMzMTJhMC9wb2RjYXN0L3Jzcw== - Breaker: https://www.breaker.audio/aws-bites - RSS: https://anchor.fm/s/6a3312a0/podcast/rss Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on Twitter: - https://twitter.com/eoins - https://twitter.com/loige #AWS #livecoding #transfer

This is a special episode recorded live during a live coding session on YouTube (2022-09-21). The audio-only experience might not be the best one, so if you are curious to see the video and enjoy our diagrams and screen sharing, please check this episode on YouTube: https://www.youtube.com/watch?v=0TzfkbisMEA. How can you build a WeTransfer or a Dropbox Transfer clone on AWS? This is our fifth live coding stream. In this episode, we continued adding some security to our application. Specifically, we implemented 75% of the OAuth 2 device flow on top of AWS Cognito to allow our file upload CLI application to get some credentials. In order to implement this flow, we need to store some secrets. We decided to use DynamoDB and spent a lot of time discussing our data design and how and why we used the famous and controversial DynamoDB single table design principle. All our code is available in this repository: https://github.com/awsbites/weshare.click In this episode we mentioned the following resources: OAuth 2 Device Auth flow RFC8628: https://www.rfc-editor.org/rfc/rfc8628 The DynamoDB book by Alex DeBrie: https://www.dynamodbbook.com/ LevelDB: https://github.com/google/leveldb OAuth 2 Authorization framework RFC6749: https://www.rfc-editor.org/rfc/rfc6749 You can listen to AWS Bites wherever you get your podcasts: - Apple Podcasts: https://podcasts.apple.com/us/podcast/aws-bites/id1585489017 - Spotify: https://open.spotify.com/show/3Lh7PzqBFV6yt5WsTAmO5q - Google: https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy82YTMzMTJhMC9wb2RjYXN0L3Jzcw== - Breaker: https://www.breaker.audio/aws-bites - RSS: https://anchor.fm/s/6a3312a0/podcast/rss Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on Twitter: - https://twitter.com/eoins - https://twitter.com/loige #AWS #livecoding #transfer

This is a special episode recorded live during a live coding session on YouTube (2022-09-16). The audio-only experience might not be the best one, so if you are curious to see the video and enjoy our diagrams and screen sharing, please check this episode on YouTube: https://www.youtube.com/watch?v=vVic3oqqqfY. How can you build a WeTransfer or a Dropbox Transfer clone on AWS? This is our fourth live coding stream. In this episode, we started looking into adding some security to our application. Specifically, we started implementing a device auth flow on top of AWS Cognito to allow our file upload CLI application to get some credentials. All our code is available in this repository: https://github.com/awsbites/weshare.click In this episode we mentioned the following resources: Content-Disposition Header on MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition OAuth 2 Device Auth flow RFC8628: https://www.rfc-editor.org/rfc/rfc8628 XKCD Comic about password security: https://xkcd.com/936/ crypto-random-string package: https://www.npmjs.com/package/crypto-random-string Dash offline documentation app: https://kapeli.com/dash You can listen to AWS Bites wherever you get your podcasts: - Apple Podcasts: https://podcasts.apple.com/us/podcast/aws-bites/id1585489017 - Spotify: https://open.spotify.com/show/3Lh7PzqBFV6yt5WsTAmO5q - Google: https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy82YTMzMTJhMC9wb2RjYXN0L3Jzcw== - Breaker: https://www.breaker.audio/aws-bites - RSS: https://anchor.fm/s/6a3312a0/podcast/rss Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on Twitter: - https://twitter.com/eoins - https://twitter.com/loige #AWS #livecoding #transfer

Jim and Jeff talk with Sarah Cecchetti, Principal Product Manager for AWS Identity and Co-founder, Board Member, and President of IDPro, about AWS Cognito and the new IDPRO Certified Identity Professional (CIDPRO) certification. Connect with Sarah on LinkedIn: https://www.linkedin.com/in/sarahcecchetti/ IDPro certification link: https://idpro.org/cidpro/ Learn more about AWS Cognito: https://aws.amazon.com/cognito/ Connect with Jim and Jeff on LinkedIn here: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.comand follow @IDACPodcast on Twitter. Have a question for Jim and Jeff? Ask us here: https://anchor.fm/identity-at-the-center/message --- Send in a voice message: https://anchor.fm/identity-at-the-center/message

Kicking off the week with some awesome vulns, an "almost" padding oracle in Azure Functions, a race-condition in AWS Cognito, some sound engine bugs, and a Foxit Reader Use-after-free. [00:00:52] Arbitrary Code Execution in the Universal Turing Machine [CVE-2021-32471] Our discussion of this topic was probably a bit premature and there does seem to be a bit more to it than the title implied. Still no real-world impact, but a bit more interesting of situation none-the-less. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471 https://arxiv.org/abs/2105.02124 [00:03:18] Detecting and annoying Burp users https://dustri.org/b/detecting-and-annoying-burp-users.html https://www.youtube.com/watch?v=I3pNLB3Cq24 [00:08:08] Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome https://security.googleblog.com/2021/05/enabling-hardware-enforced-stack.html [00:13:00] Password reset code brute-force vulnerability in AWS Cognito https://www.pentagrid.ch/en/blog/password-reset-code-brute-force-vulnerability-in-AWS-Cognito/ [00:16:52] ASUS GT-AC2900 Authentication Bypass [CVE-2021-32030] https://www.atredis.com/blog/2021/4/30/asus-authentication-bypass [00:20:10] The False Oracle - Azure Functions Padding Oracle Issue https://polarply.medium.com/the-false-oracle-azure-functions-padding-oracle-issue-2025e0e6b8a [00:25:30] How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html [00:38:01] Workplace by Facebook | Unauthorized access to companies environment https://mvinni.medium.com/workplace-by-facebook-unauthorized-access-to-companies-environment-27-5k-a593a57092f1 [00:42:39] Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida https://ctf.re//source-engine/exploitation/2021/05/01/source-engine-2/ https://phoenhex.re/2018-08-26/csgo-fuzzing-bsp [00:53:11] [Valve] OOB reads in network message handlers leads to RCE https://hackerone.com/reports/807772 [01:01:07] Security probe of Qualcomm MSM data services https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/ [01:05:17] Foxit Reader FileAttachment annotation use-after-free vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2021-1287 [01:09:45] Attack llvmpipe Graphics Driver from Chromium https://insinuator.net/2021/05/attack-llvmpipe-graphics-driver-from-chromium/ [01:16:00] Privilege Escalation Via a Use After Free Vulnerability In win32k [CVE-2021-26900] https://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k [01:26:25] 21Nails: Multiple vulnerabilities in Exim https://www.qualys.com/2021/05/04/21nails/21nails.txt [01:27:22] nRF52 Debug Resurrection (APPROTECT Bypass) https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/ [01:28:56] Capture The Flag - Discussion Video https://www.youtube.com/watch?v=4u5MDsIfQM8 Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Announcer: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That's lacework.com.My recent experience prepping a commercial space for a state fire marshal office inspection and approval has me thinking about compliance and security and ever-present ‘temporary' fix for things. How many times have we said, “Oh, I'll just do this quick fix to get us by,” and that quick fix becomes the de facto supported production implementation? Repeat after me: all changes are permanent until replaced. All changes are permanent until replaced.Anything we alter at all, whether it in computing or in real life, is a permanent alteration until it is replaced by a new alteration, or by a natural corrective or evolutionary process, like decay. We cut our hair and it grows back. We weed our gardens and the weeds return. If you don't want temporary changes happening in your environment, then implement hard controls that will correct any aberrations that come up. Cloud-native architectures give us the tools to force this by making it seamless to close down and erased from existence anything that veers from your ideal. Take advantage of this now.Meanwhile, in the news. Password reset code brute force vulnerability in AWS Cognito. If you use this AWS service, you should read this one. Although it is now patched, it's good to understand how AWS Cognito works more closely, which is true for any other security service you rely upon that is hosted by your cloud provider or other vendor.Task force seeks to disrupt a ransomware payment. This is tangentially related to cloud security because both Amazon and Microsoft has joined up on this one, but I'm personally fascinated by strange frenemy combinations who work together on these things. I'm watching for either interesting things to happen with their recommendations that could have an impact on disclosure of ransomware incidents, or for it all to fizzle out to do nothing.Is your cloud raining sensitive data? Kubernetes generally needs securing like any other service. Time to stop ignoring your newest infrastructure and lock Kubernetes down. However, if you want real security for your Kubernetes clusters, you should look at a robust solution like Fairwinds Insights. I'm a big fan of outsourcing tool development to experts.Enterprise lift and shift to the public cloud requires a newer type of API and cloud security program to prevent data breaches. Ignoring some glaring editing mistakes, which is rather difficult for me to do, I'd like this easy-to-read case study of a traditional on-prem infrastructure going through a lift-and-shift cloud migration. This piece specifically addresses some of the serious security implications of doing this, and how your attack surface changes dramatically in the process.NOAA shifts some key environmental data processing to the cloud. This one is important to me personally. Years ago, when I was a security engineer for the United States Department of Energy Oak Ridge National Laboratory High-Performance Computing Group—boy, that's a mouthful—I helped ensure security for one of the National Oceanic and Atmospheric Administration—or NOAA—supercomputers doing climate research. NOAA moving any of its compute systems supporting global research is a very big deal, and this is a great example of why AWS GovCloud is helping the US federal government modernize and move to the cloud. Also, mixing an acronym-heavy industry with government work turns into a pile of TLS so fast. Also, as another aside, this was back when I met The Duckbill Group CEO, Mike Julian, in Knoxville, Tennessee.Announcer: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial. That's extrahop.com/trial.ClearDATA expands flagship solution to facilitate health care's adoption of containers and serverless tech. Speaking of outsourcing to experts, there are lots of compliance reporting options out there, and like my favorite, Qmulos. Full disclosure, remember I do work for Splunk. But there are less options for actively managing compliance in your cloud environment. Does anyone have experience with ClearDATA's Comply offering? Email me, I want to know more.Expanding security, visibility, and automation across AWS environments. I'm most interested in the AWS Graviton to ARM-based security in the asset discovery for AWS environments announcements in this piece. First, I love me some chip geekery, especially when security-related, and second, the thing most of us suck at is tracking your assets. Any help managing an asset list for our security tools is gravy.As Microsoft nears a $2 trillion market cap, Amazon is most likely to reach that level next. I'm always looking at economics and how that drives both behavior and technology. Also, looking at how markets move and companies grow and die tells us more about trends in technology decisions and spend than many other indicators. Stop and think about the implications of this: four of the world's five largest companies by market capitalization are us tech giants. Three of these are the parent companies of the three cloud giants: Microsoft, Amazon, and Alphabet or Google. It's a cloudy forecast for sure.Seven modern-day cybersecurity realities. None of these are earth-shattering news, but at least some of these will make you cringe when you consider your own environment. Feeling uncomfortable thinking about any of these is a good thing if you act on that feeling. Go forth and fix things.The challenge of securing non-people identities. Most of us wearily monitor people's account activity to ensure they aren't compromised. But the art and science behind monitoring accounts not tied to a person is more difficult to master. I argue some of the recent big security breaches shine light on these accounts being more critical to risk mitigation than human-used accounts.And now for the tip of the week. Turn off instances or containers or cloud services you aren't using. We turn off unused services on a system, right? Not using Postgres or MySQL? Shut it down. Not using the webserver? Shut it down.Leaving something answering on the network that isn't being actively used, or worse, not actively monitored, is an attack vector that can be easily leveraged by malware and bad actors. This is true for whole systems or cloud services that aren't actively part of your functional environment. If you aren't using your testing system, it should not be running at all. Leaving unused whole systems is far worse than leaving an extra service running because an intruder now has free reign over a whole machine that isn't in the spotlight, not just a corner of a well-used system. Given you can programmatically turn whole servers or containers on and off, there's no excuse for leaving them up when not in use. Turn those systems off. When in doubt, close the route.And that's a wrap for the week. This is Meanwhile in Security. Securely yours, Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. Stay humble.

On todays guest-free rant we'll discuss Prisma JS, Typescript ORM's/query builders, AWS Cognito, and why you should build everything yourself instead of trusting other peoples code. Postgres, NPM, FaunaDB and other Javascript topics also continue to exist. Questions? Comments? Find out more on our site podcast.unrulysoftware.com (https://podcast.unrulysoftware.com). You can join our discord (https://discord.gg/NGP2nWtFJb) to chat about tech anytime directly with the hosts.

In episode 47 of Mobycast, we take a high level look at AWS Cognito and discuss when it's a good option for your projects. Welcome to Mobycast, a weekly conversation about containerization, Docker, and modern software deployment.

In episode 47 of Mobycast, we take a high level look at AWS Cognito and discuss when it's a good option for your projects. Welcome to Mobycast, a weekly conversation about containerization, Docker, and modern software deployment.

Panel: Charles Max Wood Guest: Gareth McCumskey This week on My JavaScript Story, Charles talks with Gareth McCumskey who is a senior web developer for RunwaySale! They talk about Gareth’s background, current projects and his family. Check out today’s episode to hear all about it and much more! In particular, we dive pretty deep on: 0:00 – Advertisement: Get A Coder Job! 0:53 – Chuck: Hey everyone! Welcome! We are talking today with Gareth McCumseky! 1:05 – Gareth: Hi! 1:22 – Chuck: Are you from Cape Town, Africa? (Guest: Yes!) 1:35 – Gareth and Chuck talk about his name, Gareth, and why it’s popular.  1:49 – Chuck: I am in my late 40’s. You were here for JSJ’s Episode 291! It’s still a hot topic and probably should revisit that topic. 2:20 – Guest: Yes! 2:30 – Chuck: It’s interesting. We had a long talk about it and people should go listen to it! 2:45 – Guest: I am a backend developer for the most part. 3:03 – Chuck: Yeah I started off as an ops guy. It probably hurt me. 3:21 – Guest: Yeah, if you poke it a certain way. 3:29 – Chuck: Let’s talk about YOU! How did you get into programming? 3:39 – Guest: South Africa is a different culture to grow-up in vs. U.S. and other places. I remember the computer that my father had back in the day. He led me drive his car about 1km away and I was about 11 years old. We would take home the computer from his office – played around with it during the weekend – and put it back into his office Monday morning. This was way before the Internet. I was fiddling with it for sure. The guest talks about BASIC. 6:20 – Chuck: How did you transfer from building BASIC apps to JavaScript apps? 6:30 – Guest: Yeah that’s a good story. When I was 19 years old...I went to college and studied geology and tried to run an IT business on the side. I started to build things for HTML and CSS and build things for the Web. The guest goes into-detail about his background! 9:26 – Chuck: Yeah, jQuery was so awesome! 9:34 – Guest: Yeah today I am working on an app that uses jQuery! You get used to it, and it’s pretty powerful (jQuery) for what it is/what it does! It has neat tricks. 10:11 – Chuck: I’ve started a site with it b/c it was easy. 10:19 – Guest: Sometimes you don’t need the full out thing. Maybe you just need to load a page here and there, and that’s it. 10:39 – Chuck: It’s a different world – definitely! 10:48 – Guest: Yeah in 2015/2016 is when I picked up JavaScript again. It was b/c around that time we were expecting our first child and that’s where we wanted to be to raise her. Guest: We use webpack.js now. It opened my eyes to see how powerful JavaScript is! 12:10 – Chuck talks about Node.js. 12:21 – Guest: Even today, I got into AWS Cognito! 13:45 – Chuck: You say that your problems are unique – and from the business end I want something that I can resolve quickly. Your solution sounds good. I don’t like messing around with the headaches from Node and others. 14:22 – Guest: Yeah that’s the biggest selling point that I’ve had. 15:47 – Chuck: How did you get into serverless? 15:49 – Guest: Funny experience. I am not the expert and I only write the backend stuff. Guest: At the time, we wanted to improve the reliability of the machine and the site itself. He said to try serverless.com. At the time I wasn’t impressed but then when he suggested it – I took the recommendation more seriously. My company that I work for now... 17:39 – Chuck: What else are you working on? 17:45 – Guest: Some local projects – dining service that refunds you. You pay for a subscription, but find a cheaper way to spend money when you are eating out. It’s called: GOING OUT. Guest: My 3-year-old daughter and my wife is expecting our second child. 18:56 – Chuck and Gareth talk about family and their children. 22:17 – Chuck: Picks! 22:29 – Advertisement – Fresh Books! 30-Day Trial! END – Cache Fly Links: React Angular JavaScript Webpack.js Serverless jQuery Node AWS Cognito Gareth’s Website Gareth’s GitHub Gareth’s Twitter Sponsors: Cache Fly Get A Coder Job Fresh Books Picks: Charles Max Wood Podcasts: MFCEO Project & Gary Vaynerchuk Pokémon Go! Gareth McCumskey Serverless.com Ingress Prime

Panel: Charles Max Wood Guest: Gareth McCumskey This week on My JavaScript Story, Charles talks with Gareth McCumskey who is a senior web developer for RunwaySale! They talk about Gareth’s background, current projects and his family. Check out today’s episode to hear all about it and much more! In particular, we dive pretty deep on: 0:00 – Advertisement: Get A Coder Job! 0:53 – Chuck: Hey everyone! Welcome! We are talking today with Gareth McCumseky! 1:05 – Gareth: Hi! 1:22 – Chuck: Are you from Cape Town, Africa? (Guest: Yes!) 1:35 – Gareth and Chuck talk about his name, Gareth, and why it’s popular.  1:49 – Chuck: I am in my late 40’s. You were here for JSJ’s Episode 291! It’s still a hot topic and probably should revisit that topic. 2:20 – Guest: Yes! 2:30 – Chuck: It’s interesting. We had a long talk about it and people should go listen to it! 2:45 – Guest: I am a backend developer for the most part. 3:03 – Chuck: Yeah I started off as an ops guy. It probably hurt me. 3:21 – Guest: Yeah, if you poke it a certain way. 3:29 – Chuck: Let’s talk about YOU! How did you get into programming? 3:39 – Guest: South Africa is a different culture to grow-up in vs. U.S. and other places. I remember the computer that my father had back in the day. He led me drive his car about 1km away and I was about 11 years old. We would take home the computer from his office – played around with it during the weekend – and put it back into his office Monday morning. This was way before the Internet. I was fiddling with it for sure. The guest talks about BASIC. 6:20 – Chuck: How did you transfer from building BASIC apps to JavaScript apps? 6:30 – Guest: Yeah that’s a good story. When I was 19 years old...I went to college and studied geology and tried to run an IT business on the side. I started to build things for HTML and CSS and build things for the Web. The guest goes into-detail about his background! 9:26 – Chuck: Yeah, jQuery was so awesome! 9:34 – Guest: Yeah today I am working on an app that uses jQuery! You get used to it, and it’s pretty powerful (jQuery) for what it is/what it does! It has neat tricks. 10:11 – Chuck: I’ve started a site with it b/c it was easy. 10:19 – Guest: Sometimes you don’t need the full out thing. Maybe you just need to load a page here and there, and that’s it. 10:39 – Chuck: It’s a different world – definitely! 10:48 – Guest: Yeah in 2015/2016 is when I picked up JavaScript again. It was b/c around that time we were expecting our first child and that’s where we wanted to be to raise her. Guest: We use webpack.js now. It opened my eyes to see how powerful JavaScript is! 12:10 – Chuck talks about Node.js. 12:21 – Guest: Even today, I got into AWS Cognito! 13:45 – Chuck: You say that your problems are unique – and from the business end I want something that I can resolve quickly. Your solution sounds good. I don’t like messing around with the headaches from Node and others. 14:22 – Guest: Yeah that’s the biggest selling point that I’ve had. 15:47 – Chuck: How did you get into serverless? 15:49 – Guest: Funny experience. I am not the expert and I only write the backend stuff. Guest: At the time, we wanted to improve the reliability of the machine and the site itself. He said to try serverless.com. At the time I wasn’t impressed but then when he suggested it – I took the recommendation more seriously. My company that I work for now... 17:39 – Chuck: What else are you working on? 17:45 – Guest: Some local projects – dining service that refunds you. You pay for a subscription, but find a cheaper way to spend money when you are eating out. It’s called: GOING OUT. Guest: My 3-year-old daughter and my wife is expecting our second child. 18:56 – Chuck and Gareth talk about family and their children. 22:17 – Chuck: Picks! 22:29 – Advertisement – Fresh Books! 30-Day Trial! END – Cache Fly Links: React Angular JavaScript Webpack.js Serverless jQuery Node AWS Cognito Gareth’s Website Gareth’s GitHub Gareth’s Twitter Sponsors: Cache Fly Get A Coder Job Fresh Books Picks: Charles Max Wood Podcasts: MFCEO Project & Gary Vaynerchuk Pokémon Go! Gareth McCumskey Serverless.com Ingress Prime

Panel: Charles Max Wood Guest: Gareth McCumskey This week on My JavaScript Story, Charles talks with Gareth McCumskey who is a senior web developer for RunwaySale! They talk about Gareth’s background, current projects and his family. Check out today’s episode to hear all about it and much more! In particular, we dive pretty deep on: 0:00 – Advertisement: Get A Coder Job! 0:53 – Chuck: Hey everyone! Welcome! We are talking today with Gareth McCumseky! 1:05 – Gareth: Hi! 1:22 – Chuck: Are you from Cape Town, Africa? (Guest: Yes!) 1:35 – Gareth and Chuck talk about his name, Gareth, and why it’s popular.  1:49 – Chuck: I am in my late 40’s. You were here for JSJ’s Episode 291! It’s still a hot topic and probably should revisit that topic. 2:20 – Guest: Yes! 2:30 – Chuck: It’s interesting. We had a long talk about it and people should go listen to it! 2:45 – Guest: I am a backend developer for the most part. 3:03 – Chuck: Yeah I started off as an ops guy. It probably hurt me. 3:21 – Guest: Yeah, if you poke it a certain way. 3:29 – Chuck: Let’s talk about YOU! How did you get into programming? 3:39 – Guest: South Africa is a different culture to grow-up in vs. U.S. and other places. I remember the computer that my father had back in the day. He led me drive his car about 1km away and I was about 11 years old. We would take home the computer from his office – played around with it during the weekend – and put it back into his office Monday morning. This was way before the Internet. I was fiddling with it for sure. The guest talks about BASIC. 6:20 – Chuck: How did you transfer from building BASIC apps to JavaScript apps? 6:30 – Guest: Yeah that’s a good story. When I was 19 years old...I went to college and studied geology and tried to run an IT business on the side. I started to build things for HTML and CSS and build things for the Web. The guest goes into-detail about his background! 9:26 – Chuck: Yeah, jQuery was so awesome! 9:34 – Guest: Yeah today I am working on an app that uses jQuery! You get used to it, and it’s pretty powerful (jQuery) for what it is/what it does! It has neat tricks. 10:11 – Chuck: I’ve started a site with it b/c it was easy. 10:19 – Guest: Sometimes you don’t need the full out thing. Maybe you just need to load a page here and there, and that’s it. 10:39 – Chuck: It’s a different world – definitely! 10:48 – Guest: Yeah in 2015/2016 is when I picked up JavaScript again. It was b/c around that time we were expecting our first child and that’s where we wanted to be to raise her. Guest: We use webpack.js now. It opened my eyes to see how powerful JavaScript is! 12:10 – Chuck talks about Node.js. 12:21 – Guest: Even today, I got into AWS Cognito! 13:45 – Chuck: You say that your problems are unique – and from the business end I want something that I can resolve quickly. Your solution sounds good. I don’t like messing around with the headaches from Node and others. 14:22 – Guest: Yeah that’s the biggest selling point that I’ve had. 15:47 – Chuck: How did you get into serverless? 15:49 – Guest: Funny experience. I am not the expert and I only write the backend stuff. Guest: At the time, we wanted to improve the reliability of the machine and the site itself. He said to try serverless.com. At the time I wasn’t impressed but then when he suggested it – I took the recommendation more seriously. My company that I work for now... 17:39 – Chuck: What else are you working on? 17:45 – Guest: Some local projects – dining service that refunds you. You pay for a subscription, but find a cheaper way to spend money when you are eating out. It’s called: GOING OUT. Guest: My 3-year-old daughter and my wife is expecting our second child. 18:56 – Chuck and Gareth talk about family and their children. 22:17 – Chuck: Picks! 22:29 – Advertisement – Fresh Books! 30-Day Trial! END – Cache Fly Links: React Angular JavaScript Webpack.js Serverless jQuery Node AWS Cognito Gareth’s Website Gareth’s GitHub Gareth’s Twitter Sponsors: Cache Fly Get A Coder Job Fresh Books Picks: Charles Max Wood Podcasts: MFCEO Project & Gary Vaynerchuk Pokémon Go! Gareth McCumskey Serverless.com Ingress Prime

One of the biggest problems in the mobile application industry is optimizing the user on-boarding process. For most applications, you can't really monetize your app until a user has signed up. But implementing and managing all of the complex machinery needed to create a user identity and access systems is time consuming and not your core competency. App developers can save time, money, and effort by using AWS Cognito for on-boarding users and managing their identity, authorization, authentication, and resource access policies. Amazon Cognito: https://aws.amazon.com/cognito/