Best of Security, August 2022

  1. Article
    Community Picks · 4y

    Please Stop Using Local Storage

    Local storage is a plain key/value store hung off the browser's JavaScript global: you attach string data to it or remove it, synchronously. Every major browser provides at least 5MB per origin, which is a fairly low limit for data-intensive apps or apps that need to work offline. The security point is that anything in local storage is readable by any JavaScript running on the page, including script injected through an XSS bug, so it is no place for session identifiers, JWTs or other sensitive data. If what you are storing is not small, non-sensitive, string-shaped data, don't use local storage.
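    The two behaviours above, shown in an added example that is not code from the article: values are coerced to strings on the way in, and any script on the origin can enumerate every entry. `MemoryStorage` is an assumed stand-in for `window.localStorage` so the block runs under Node, and the credential-looking key pattern is an assumption for the example.

```javascript
// Added example (not from the article): a localStorage-style store showing that
// values are coerced to strings and that every script on the origin can read
// every entry. MemoryStorage stands in for window.localStorage under Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(String(k), String(v)); } // string-only, like the real API
  removeItem(k) { this.map.delete(k); }
}

// Keys that look like credentials (pattern is an assumption for the example).
// Anything stored under them is readable by injected script, so the wrapper refuses.
const SECRET_KEY = /token|jwt|session|password|secret|api[_-]?key/i;

function createStore(backend = new MemoryStorage()) {
  return {
    // Raw setItem: an object silently becomes "[object Object]".
    setRaw(key, value) { backend.setItem(key, value); return backend.getItem(key); },
    // JSON round-trip so non-string values survive; refuse credential-like keys.
    set(key, value) {
      if (SECRET_KEY.test(key)) throw new Error(`refusing to put secret-looking key "${key}" in local storage`);
      backend.setItem(key, JSON.stringify(value));
    },
    get(key) {
      const raw = backend.getItem(key);
      if (raw === null) return null;
      try { return JSON.parse(raw); } catch { return raw; }
    },
    // What an injected script sees: every entry, with no permission check possible.
    dumpAll() {
      const out = {};
      for (let i = 0; i < backend.length; i++) { const k = backend.key(i); out[k] = backend.getItem(k); }
      return out;
    },
  };
}

// Usage (in a browser, pass window.localStorage instead of the in-memory stand-in)
const store = createStore();
store.set('theme', { dark: true });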

  2. Article
    asayer · 4y

    11 Authentication Mistakes and how to fix them

    When a login form fails, be careful to show only one generic error message. A specific message ("unknown username" versus "wrong password") is dangerous because it lets an attacker use automated trial and error to confirm which usernames exist and then work on their passwords. Injection attacks, memory leaks and compromised systems can follow when data submitted through form input is not properly validated; the article closes with the validation libraries the author recommends.

  3. Article
    Community Picks · 4y

    Why You Should Choose NestJS as Your Backend Framework

    NestJS is an open-source project with around 47,000 stars on GitHub. A backend framework needs to be fast and able to handle concurrent requests at scale, and NestJS's built-in module system naturally results in a neat separation of concerns.

  4. Article
    System Weakness · 4y

    Hacking for Beginners: Exploiting Open Ports

    Metasploit is an easy-to-use tool with a searchable database of exploits. After the basics, the next step is to find and exploit open ports on one of Hack The Box's machines. The vulnerability used in the walkthrough lets an unauthenticated user view private or draft WordPress posts because of an issue within WP_Query.

  5. Article
    Community Picks · 4y

    Webhooks.fyi

    Webhooks are the foundation of modern API development. They let us react to events, whether a change in our own systems, an incoming text message, a successful payment or the latest pull request, whatever our stack. The site sets out to document many webhook providers, uncover common patterns and highlight best practices.

  6. Article
    Red Hat Developer · 4y

    8 elements of securing Node.js applications

    Security practices apply both to the code itself and to your software development process. Validate user input: unvalidated input can lead to command injection, SQL injection and denial of service, disrupting your service and corrupting data.

  7. Article
    Product Hunt · 4y

    Hanko - Open source alternative to Auth0 with superpowers

    Hanko is a lightweight open source user authentication solution, pitched as delivering better security, higher conversion rates and happier users.

  8. Article
    freeCodeCamp · 4y

    HTTP vs HTTPS – What's the Difference?

    HTTPS is HTTP carried over TLS, so the traffic between browser and server is encrypted and the server is authenticated. For most websites, the way to get HTTPS is to obtain a certificate from a certificate authority (commonly still called an SSL certificate, though the protocol in use today is TLS; SSL itself is deprecated). The encryption and decryption add some computational cost, though on modern hardware that overhead is small.

  9. Article
    The New Stack · 4y

    Where Can Heroku Free Tier Users Go?

    Salesforce Heroku announced it will cease to support the free tier for Heroku Dynos, Postgres and Data for Redis. The company also laid out its product roadmap plans, which some skeptics viewed as lackluster and a sign that Salesforce is sunsetting Heroku.

  10. Article
    Geekflare · 4y

    12 Best Frameworks and Toolkits to Build Desktop Applications

    Tauri 1.0 is built in Rust, which has rapidly become popular for next-generation applications. Tauri has a dedicated team that works on security patches regularly, which the article credits with making the platform resistant to sophisticated attacks.

  11. Article
    InfoSec Write-ups · 4y

    Smart contract security best practices: PART 1

    Smart contracts are pieces of code that run on a blockchain and handle millions of dollars, so a simple flaw can mean losing a fortune. The article introduces security best practices by walking through flawed contract code and its fixed version.

  12. Article
    gitconnected · 4y

    5 Tips To Design For Multi-Tenancy Architecture

    Multi-tenancy architecture refers to a single deployment of an application serving multiple tenants in a shared environment. Features need to be generic and extensible for all tenants. The design must include a mandatory tenantId attribute in every request, and customizations should be introduced as configuration options available to all tenants rather than as tenant-specific code paths.
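    Two of those tips in code, as an added example that is not the article's: the tenant id is mandatory on every request, but it is taken from the authenticated identity rather than trusted from the client (a client-chosen tenantId would let one tenant read another's data), and it is enforced inside the data layer so a handler cannot forget it. Customisation is a per-tenant override on one generic configuration. Rows, config and request shapes are constructed for the example.

```javascript
// Added example (not the article's code): mandatory, server-derived tenant id
// enforced in the data layer, plus customisation as per-tenant configuration.
const TENANT_ID_RE = /^[a-z0-9-]{1,64}$/i;

// Every read goes through here; there is no way to query without a tenant.
class TenantScopedRepo {
  constructor(rows) { this.rows = rows; } // constructed in-memory table
  find(tenantId, predicate = () => true) {
    if (typeof tenantId !== 'string' || !TENANT_ID_RE.test(tenantId)) throw new Error('tenantId is required');
    return this.rows.filter((row) => row.tenantId === tenantId && predicate(row));
  }
}

// Wraps a handler: the tenant comes from the verified session (req.auth, assumed to be
// populated by an earlier authentication step); a client-supplied tenantId that
// disagrees is rejected rather than honoured.
function withTenant(handler) {
  return (req) => {
    const tenantId = req.auth?.tenantId;
    if (typeof tenantId !== 'string' || !TENANT_ID_RE.test(tenantId)) return { status: 401, error: 'unauthenticated' };
    const claimed = req.body?.tenantId ?? req.query?.tenantId;
    if (claimed !== undefined && claimed !== tenantId) return { status: 403, error: 'tenant mismatch' };
    return handler({ ...req, tenantId });
  };
}

// Customisation as configuration: one generic feature set, per-tenant overrides only.
const DEFAULT_CONFIG = { maxUsers: 5, exportEnabled: false };
const TENANT_OVERRIDES = { t1: { maxUsers: 50 } };
function configFor(tenantId) {
  const override = Object.prototype.hasOwnProperty.call(TENANT_OVERRIDES, tenantId) ? TENANT_OVERRIDES[tenantId] : {};
  return { ...DEFAULT_CONFIG, ...override };
}

// Usage
const repo = new TenantScopedRepo([
  { tenantId: 't1', id: 1, name: 'invoice-1' },
  { tenantId: 't2', id: 2, name: 'invoice-2' },
]);
const listInvoices = withTenant((req) => ({ status: 200, body: repo.find(req.tenantId) }));
```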

  13. Article
    Permit.io · 4y

    The four mistakes you make building permissions

    Developers often overuse JWTs, sometimes going as far as storing every route a user may access inside the token. That mixes the authentication and authorization layers and makes the code a mess. The way to avoid it is to have the JWT carry only the claims and scopes describing the user's identity and their relationship to the organization, and to keep all other authorization-related information out of the token, in the authorization layer.

  14. Article
    InfoSec Write-ups · 4y

    Cybersecurity Learning Path

    Learn programming: programming is a core skill if you want a career in cybersecurity. Coding knowledge gives you the insight to recognise what a piece of software is doing, and whether or not it is malicious.

  15. Article
    DevBlogs · 4y

    .NET 6 is now in Ubuntu 22.04

    .NET 6 is now in Ubuntu 22.04 (Jammy) and can be installed with just apt install dotnet6. In chiseled Ubuntu containers, .NET gets the smallest container footprint while still being the Ubuntu you know and trust. Chiseled Ubuntu is similar to conventional distroless images, but uses a tool customized for slicing .deb packages. The images will be offered in the .NET nightly repos.

  16. Article
    System Weakness · 4y

    Cross-Site Scripting (XSS) Attacks

    Cross-Site Scripting (XSS) is one of the most common vulnerabilities in web applications; the article estimates that more than 60% of web applications are susceptible to it. In a persistent (stored) attack the injected script is saved by the application, for example in a comment, and is served to every victim who later loads the affected page. A non-persistent (reflected) attack works the same way except that the payload arrives in the request itself, typically a crafted link the victim has to follow, and is echoed back once.
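    Both variants in code, as an added example that is not from the article: a stored comment rendered with raw string interpolation beside the escaped version, a reflected search echo, and the one caveat escaping does not cover, a `javascript:` URL in an `href`, where the scheme has to be allow-listed. The comment store and payloads are constructed for the example.

```javascript
// Added example (not from the article): stored and reflected XSS, and the fix.
const comments = []; // constructed in-memory "database"
function saveComment(author, text) { comments.push({ author, text }); }

// Escape the five characters that matter in HTML text and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Persistent: a payload saved once runs for every visitor of this page.
function renderCommentsUnsafe() {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join('');
}
function renderCommentsSafe() {
  return comments.map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`).join('');
}

// Non-persistent: the payload rides in the request (a search query) and is echoed once.
function renderSearchUnsafe(query) { return `<p>Results for ${query}</p>`; }
function renderSearchSafe(query) { return `<p>Results for ${escapeHtml(query)}</p>`; }

// URL context: escaping does nothing to "javascript:alert(1)", so the scheme is
// allow-listed. Relative links are resolved against an assumed placeholder base
// only to learn their scheme; the original string is what gets emitted.
function safeHref(url) {
  let parsed;
  try { parsed = new URL(url, 'https://example.invalid/'); } catch { return '#'; }
  return ['http:', 'https:'].includes(parsed.protocol) ? escapeHtml(url) : '#';
}

// Usage
saveComment('alice', 'Nice write-up!');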

  17. Article
    Threatpost · 4y

    Starlink Successfully Hacked Using $25 Modchip

    A Belgian security researcher has successfully hacked a Starlink user terminal, the dish side of the SpaceX-operated satellite internet system, using a homemade circuit board built for around $25.

  18. Article
    The Register · 4y

    LastPass source code, blueprints stolen by intruder

    The password manager maker says someone broke into one of its developers' accounts and stole source code and documents. LastPass insists that its users' master passwords are still safe and that the contents of people's vaults are untouched. The company says it has contained the breach and taken steps to prevent it from happening again.

  19. Article
    Hacker News · 4y

    HackerNews/API: Documentation and Samples for the Official HN API

    The v0 API is essentially a dump of HN's in-memory data structures. It's possible to implement most of HN using it; the maintainers say it is not the ideal interface, but it was the one they could release in the time they had. The documentation includes sample responses for each item type, among them a Justin.tv job posting ("Justin.tv is the biggest live video site online. We serve hundreds of thousands of video streams a day, and have supported up to 50k live concurrent viewers. We just added a 10 gbps line to our colo.").