Best of Security — December 2022
Spacelift·3y
The Most Comprehensive List of DevOps Tools for 2023
The Most Comprehensive List of DevOps Tools for 2023 gathers some of the most useful and commonly used DevOps tools and technologies. Git is the most commonly used distributed version control system and is the clear winner in this space. GitHub is the default and most broadly used code repository management system.
- 3
DEV·3y
DevOps Trends for Developers in 2023
The year 2022 saw huge momentum in topics such as AI/ML, automation, security, etc. DevOps practices are constantly evolving, and it is our job to keep an eye on what to focus on in the coming year. Let us see those trends and how they will impact developers and organizations.
- 4
DEV·3y
Web Security 101 - Part 1: Secrets
There are ways to expose environment variables to front-end code in the browser. There are packages like dotenv that allow you to configure environment variables in files. You can configure them when you host a site using a platform like Heroku or Netlify. You can also set them in your terminal environment manually.
- 5
DZone·3y
10 Best Practices to Launch APIs
The guide can help launch successful APIs while gauging the potential issues and keeping things on track. Application programming interfaces or APIs are becoming ubiquitous in the digital world. The Global API management market is estimated to reach 41.5 billion by the end of 2030.
- 6
Community Picks·3y
How JWTs Could Be Dangerous and Its Alternatives
JWTs are the most popularly used tokens for web authentication and managing user sessions in modern-day software applications. They are a standardized format for securely transferring cryptographically signed data across systems. JWTs can make websites vulnerable to a variety of high-security threats and attacks if not managed properly.
- 7
GitGuardian·3y
Infrastructure as Code Security [Security Zines]
IaC allows organizations to define and manage their infrastructure using code, rather than manually configuring resources. This can greatly improve efficiency, automation, and consistency in managing infrastructure. It also introduces new security risks if not properly implemented and managed. This article looks at how we can keep our infrastructure as code secure.
- 8
Golang News·3y
A Golang based SQL console for API queries
The Steampipe community has grown a suite of plugins that map APIs to tables. The interactive query shell is one way you can query those tables. You can run queries on the command line and include them in scripts. Other commands run benchmarks, launch Steampipes as a service, and start the dashboard server.
- 9
The New Stack·3y
GitHub Now Enables You to Find and Fix Code for Free
GitHub's Secret scanning partner program will let you scan for your secrets in your code for free. In 2022 to date, GitHub notified its partners of over 1.7 million potential secrets exposed in public repositories. The service is only available to GitHub Enterprise customers.
- 10
freeCodeCamp·3y
How to Speed up Your Software Development Pipeline
The most important thing a development manager can do to keep work flowing smoothly through their team's work pipeline is to create a detailed roadmap for every project before work begins. It's always better to clear the road ahead before getting to work if you want to keep a software project moving forward at a high rate of speed.
- 11
Cisco·3y
Tech Trends and Predictions That Will Shape 2023
The digital economy is the new tech green space. Nearly 8 out of every ten companies have experienced at least one cloud data breach. The transition to net-zero will be as disruptive as the industrial revolution. Businesses need to separate the trends from the hype to capture competitive value.
- 12
GitGuardian·3y
Thinking Like a Hacker: Finding Leaked Code on GitHub
Poor Corp's security team received an email that was sent to all of their publicly listed email addresses. The email contained a vague message stating that the sender had found a security vulnerability and needed Poor Corp to reach out to them immediately. Poor Corp’s security team was confused, but they had locked down their policy to not allow public repositories.
- 13
Stream·3y
How To Build a Fintech App in 8 Steps
The type of app you build will impact every aspect of the project, from who leads development to the features and interface users interact with. Personal banking and insurance apps are two of the most expensive, complex, and time-consuming apps to develop. Conduct market research by checking for recent articles from industry publications to keep up with changing trends.
- 14
InfoSec Write-ups·3y
The Big Danger With Laravel ( .env file )
The .env file in Laravel is a configuration file that contains sensitive information such as database credentials and API keys. It is important to keep this file secure and out of reach of unauthorized users. One potential security vulnerability with the .env file is that it is not included in the version control system (e.g. Git) by default.
- 15
GitHub Blog·3y
Increase developer productivity, save time on developer onboarding, and drive ROI in 2023
Forrester Consulting commissioned a Total Economic Impact™ study to examine the potential return on investment (ROI) businesses can gain by using GitHub. Over three years, using GitHub drove 433% ROI for the organization simply with the combined power of all GitHub’s enterprise products.
- 16
The Hacker News·3y
GitHub Announces Free Secret Scanning for All Public Repositories
GitHub has announced free secret scanning for all public repositories on the code hosting platform. Secret scanning is designed to examine repositories for access tokens, private keys, credentials, API keys, and other secrets. It's expected to complete the rollout by the end of January 2023.
- 18
The Hacker News·3y
Top 5 Web App Vulnerabilities and How to Find Them
Web application attacks are involved in 26% of all breaches, and app security is a concern for enterprises. The size of a startup does not exempt it from cyber-attacks – that's because hackers constantly scan the internet looking for flaws. It takes many years to build a reputation as a startup – and this can be ruined overnight with a single flaw.
- 19
The New Stack·3y
What Rust Brings to Frontend and Web Development
The year 2022 may well have been the year of Rust, with its introduction into the Linux Kernel. But should frontend/web developers concern themselves with this popular language in 2023? It depends on what you need to do. It can also be coupled with WebAssembly to deliver a fast, secure app at the edge.
- 20
The Register·3y
LastPass admits attackers copied password vaults
LastPass admits attackers copied password vaults in August 2022 attack on its systems. LastPass admitted attackers have a copy of customers’ passwords. LastPass is confident that the files copied from its cloud will resist brute force attempts to crack the master password.
- 21
GitLab·3y
Top 10 technical articles of 2022
With 2022 coming to a close, we wanted to ensure everyone gets one more chance to explore our top 10 technical blog posts of the year. The ultimate to GitLab 10 will get the most of choosing the right pipelines for the job. How to troubleshoot a GitLab pipeline failure is more frustrating than that red X.
- 22
InfoSec Write-ups·3y
Flutter Programming and Security Vulnerabilities
Flutter is an open-source mobile application development framework created by Google. It is used to build natively compiled applications for mobile, web, and desktop from a single codebase. As with any software, it is important to keep Flutter up to date in order to address any vulnerabilities.
- 23
Snyk·3y
5 “no experience needed” tips for building secure applications
Developers don't need to be security experts to build secure apps — they just need the right tools. Snyk is a security tool created specifically for developers. Use static code analysis to find and fix security vulnerabilities in the code you write and the dependencies you use.
- 24
The New Stack·3y
5 Software Security Goals All CTOs Should Prioritize
When software is developed with security gaps, there is a risk that it can be exploited by cyberattacks. A design with a good separation of concerns will perform well, keep the application security code simple and ensure that security behavior is easy to extend. A zero trust architecture should be used to protect against both external and internal threats.
- 25
DZone·3y
7 DevOps Best Security Practices
The ability to ship software at speed has become imperative to stay competitive in today’s ever-evolving digital world. DevOps has enabled IT businesses to embrace speed by seamlessly collaborating with developers and operations teams. Security teams often considered security as an infrastructural component rather than an application design element.