Best of Security — February 2024
- 1
- 2
Bits and Pieces·2y
Best-Practices for API Authorization
API authorization is crucial for securing digital assets and maintaining user trust. Best practices include using token-based authorization with JWT, implementing fine-grained access control, securing API Gateway configuration, and encrypting sensitive data in transit and at rest.
- 3
- 4
- 5
- 6
Snyk·2y
5 Node.js security code snippets every backend developer should know
Learn about essential Node.js security code snippets, including using the Node.js Permissions Model, implementing input validation with Fastify JSON schema, securing password hashing with Bcrypt, preventing SQL injection attacks with Knex.js, and implementing rate limiting with fastify-rate-limit.
- 7
- 8
InfoSec Write-ups·2y
Securing the Frontend: A Practical Guide for Developers
This post explores the relationship between frontend development and cybersecurity. It discusses the cybersecurity threats in the frontend, best practices for secure frontend development, and strategies for integrating security into the user experience. Real-world case studies from Google, GitHub, Facebook, Stripe, and Slack are also presented.
- 9
- 10
- 11
Medium·2y
Modern Android Development in 2024
This post discusses various topics related to modern Android development in 2024, including the use of Kotlin, key features of Jetpack Compose, architecture patterns, dependency injection, modularization, testing, in-app updates and reviews, security, loggers, Google Play Instant, AI coding assistants, and Kotlin Multiplatform.
- 12
Developer Tech·2y
Apple is killing web apps in the EU
Apple is discontinuing support for web apps in the EU, raising concerns among developers and users alike. The decision is attributed to the complexities of aligning web apps with the requirements of the Digital Markets Act (DMA). Apple defends its stance by highlighting the security and privacy framework of iOS's native apps.
- 13
DEV·2y
🔒Securing Web: A Deep Dive into Content Security Policy (CSP)
Content Security Policy (CSP) is a security feature that protects websites by setting rules for loading external resources. It helps prevent attacks like Cross-Site Scripting (XSS) and data theft. This post explains the importance of CSP, its directives, and how to implement it in web applications.
- 14
Community Picks·2y
Security layer for developers
Next.js developers can easily add a security layer to their apps with just a few lines of code. The security layer provides features such as rate limiting, bot protection, and email verification. It can be tested locally and works with platforms like Vercel and Netlify.
- 15
GitGuardian·2y
Top Secrets Management Tools for 2024
This post discusses the importance of secrets management in software development and provides a list of top secrets management tools. It covers the main elements of secrets management, what to look for in a secrets management tool, and highlights several popular tools in the market.
- 16
10 GitHub Security Best Practices
Learn how to improve GitHub security with best practices including enabling 2FA, limiting access to repositories, avoiding storing credentials in code, scanning for vulnerabilities with Snyk, using branch protection rules, rotating SSH tokens and personal keys, automatically updating dependencies, using private repositories for sensitive data, and making smart choices about GitHub apps.
- 17
- 18
iOS 17.4 Update Ends PWA Support in the European Union
The latest iOS 17.4 update removed Progressive Web App (PWA) support in the European Union due to security challenges and compliance with the Digital Markets Act (DMA). Web apps can still be used through bookmarks on the Home Screen but will lack certain functionalities like offline support and notifications.
- 19
- 20
Cerbos·2y
Top 5 identity & access management (IAM) tools for 2024
Explore the top IAM tools for 2024 and how they enhance security and manage user access. Learn about the challenges and benefits of implementing IAM solutions and integrating Cerbos with IAM tools. Discover the potential impact of AI, machine learning, and blockchain on IAM. Stay informed about the latest trends in IAM and learn about Cerbos Hub, a robust authorization management system. Sign up for Cerbos Hub and book a free Policy Workshop with Cerbos.
- 21
- 22
- 23
GitHub Blog·2y
Build code security skills with the GitHub Secure Code Game
The Secure Code Game is a gamified learning experience that helps developers improve their code security skills. It allows players to fix vulnerable code and progress to the next level by running tests. The game is designed to be developer-first and can be accessed through GitHub Codespaces. It addresses pain points in secure coding training and offers personalized challenges based on programming languages and frameworks.
- 24
- 25
Theo - t3․gg·2yMicrosoft Added Sudo To Windows (And I Love It)
Microsoft has added a 'sudo' command to Windows 11, which is widely used on Unix-based operating systems like Linux and Mac OS. This command allows developers to run programs with higher security privileges or as another user. It is seen as a positive development for the developer experience on Windows.
