Ijeoma Ezeonyebuchi works as a Mobile Quality Assurance Engineer at NPR validating mobile applications and the backend services that power them. She currently works across multiple mobile platforms(Android/iOS) to improve manual and continuous testing practices for mobile applications such as NPR One and NPR app. She is very passionate about the “read one teach one” philosophy and you can often find her mentoring women in tech as a Java/Android Lab Lead for Women Who Code DC or volunteering in and around the Washington, DC area. For fun, you can find her spending time with those she cares for most(family and friends) and learning guitar.
Where do you work, what is your current role?
I currently work at NPR as a Test Engineer.
How do you use PHP professionally?
Professionally I’ve worked on testing many services built in PHP used in mobile applications. Additionally, I have used PHP when working with WordPress while volunteering as webmaster for a non-profit called Express Igbo, a non-profit organization that seeks to increase the number of Igbo speakers.
How and when did you get involved speaking or writing in the community?
I began speaking more widely at conferences last year.
What’s your best conference memory?
This is a hard one, way too many to count so I’ll mention the most impactful one which occurred at All Things Open(2018). After speaking at a diversity and inclusion panel, I had someone come up to me and share how they really related to the experiences I shared and how it impacted them personally. My real hope when I speak at conferences is to share knowledge and empower others, knowing I made an impact to this person is an experience I will never forget.
What advice do you have for someone going to their first conference?
Attend many sessions but don’t overdo it, meet cool people, and take it all in.
What’s your primary OS: Windows, Mac, or Linux?
Why is a security mindset important to programmers? Can’t operations handle it?
“With great power comes great responsibility.” What we build is for others, and we need to make sure it’s secure not only so our systems are safe, but so we can also create user trust.
What’s one thing people can do today to write more secure apps?
Focus on negative testing. That is testing uncommon user paths to discover hidden vulnerabilities.
What is a new or understated threat web developers should be aware of?
Use of external libraries and tools, open source is great but what even greater is ensuring that using existing software doesn’t expose your software to risks is even better.
How do you sharpen your web security skills beyond work?
In two main ways. First by educating myself on the tools out there and secondly by listening to what users say about using apps and why they won’t use them its sometimes best to take a high-level view to determine low-level problems.
OWASP 201 – Request-Based SecurityMORE INFO
OWASP 301 – Infrastructure-Based SecurityMORE INFO
Access Control & AuthorizationMORE INFO
Cryptography 101 – Introduction to CryptographyMORE INFO
Cryptography 201 – Algorithms and AnalysisMORE INFO
Fortifying Your Defenses with Threat ModelingMORE INFO
Federated Identity: OAuth, SAML, FIDO & MoreMORE INFO
Biometrics: Risks & DangersMORE INFO
Password-Based Authentication StrategiesMORE INFO
At-Rest Encryption for Complete Data ProtectionMORE INFO
Mobile PermissionsMORE INFO
Third Party Application AccessMORE INFO
Servers: Configure, Harden & ManageMORE INFO