Best of Security: May 2024

  1. Article · DEV · 2y

    SSL in localhost takes 5 seconds now.

    Setting up SSL for localhost traditionally requires tedious manual configurations and repetitive steps. However, Ophiuchi simplifies the process by automatically generating certificates, updating the hosts file, providing an integrated web server, and ensuring instant trust. It saves time and allows developers to focus on building great software.

  2. Article · Community Picks · 2y

    JavaScript Security: Simple Practices to Secure Your Frontend

    Learn simple practices to secure your frontend JavaScript code, including keeping dependencies up-to-date, using security headers, and sanitizing user input.

  3. Article · DEV · 2y

    Top Programming Blogs to Read in 2024

    Discover top programming blogs to read in 2024 and immerse yourself in the coding culture. Stay informed about the latest developments and technologies in the industry with these resources.

  4. Article · DEV · 2y

    Why You Should Self-Host Everything

    Take back control of your digital life by self-hosting everything. Enjoy privacy, control, flexibility, and financial benefits. Compare the cost of self-hosting with cloud services.

  5. Article · Javarevisited · 2y

    6 Best Cybersecurity Courses for Beginners and Experienced in 2024

    Discover the best cybersecurity courses on Udemy for beginners and experienced individuals in 2024. These courses cover topics like cyber security, ethical hacking, network security, and information security.

  6. Article · Community Picks · 2y

    Docker vs Podman: A New Era in Secure Orchestration

    Explore the differences between Docker and Podman in terms of secure orchestration and enhanced security.

  7. Article · System Design Codex · 2y

    How LinkedIn Authorizes 10 Million API Calls Per Second

    LinkedIn utilizes Access Control Lists (ACLs) to manage access control at scale, facing challenges such as quick authorization checks, prompt ACL changes delivery, managing a large number of ACLs, and monitoring ACL data. They handle these challenges by running an authorization client module on every service, periodically refreshing ACL data, storing ACLs in a database with a cache, and logging authorization checks for monitoring purposes.

  8. Article · Lobsters · 2y

    Your API Shouldn't Redirect HTTP to HTTPS

    This post argues that APIs should not redirect HTTP to HTTPS due to the downsides and potential security risks involved. It highlights the importance of a fail-fast approach for unencrypted API calls and suggests disabling the HTTP interface or returning clear error responses for unencrypted requests. The post also mentions popular APIs that either redirect or respond with plaintext, and suggests amending best practices to explicitly recommend against redirecting HTTP to HTTPS for APIs.

  9. Article · Community Picks · 2y

    Stop Recommending JWTs (with symmetric keys) ◆ Truffle Security Co.

    This post discusses the issues with using symmetric key JWTs, including the high percentage of guessable keys and the risk of undermining authentication and authorization security.

  10. Article · Towards Dev · 2y

    JWT attacks

    JWT attacks can allow attackers to modify tokens and escalate privileges or impersonate users. These attacks can be prevented by using strong algorithms, verifying signatures, validating claims, and implementing proper security measures.

  11. Article · Community Picks · 2y

    Sudo for Windows

    Sudo for Windows is not yet available for Windows 10, but may be in the future. It can be enabled through the Settings menu, and offers three different configuration options. Users can prepend 'sudo' to a command to run it as an administrator. Security considerations include risks associated with the different configurations.

  12. Article · Product Hunt · 2y

    EchoDuck - Share files privately from anywhere

    EchoDuck is a file sharing platform that allows users to share files privately and securely from anywhere. It has various features and prioritizes data security.

  13. Article · Node.js developers · 2y

    Awesome Node.js Security resources

    A collection of Node.js security resources available on the 'awesome-nodejs-security' GitHub repository.

  14. Article · Community Picks · 2y

    jassics/awesome-aws-security: Curated list of links, references, books, videos, tutorials (free or paid), exploits, CTFs, hacking practices, etc. related to AWS Security

    A curated list of links, books, videos, tutorials, and tools related to AWS Security.

  15. Article · InfoSec Write-ups · 2y

    How I Got My First Bounty: The Exciting Story of My Bug Bounty Breakthrough

    Learn how the author achieved their first bug bounty by discovering a GraphQL API key leak and cache poisoning vulnerability.

  16. Article · Javarevisited · 2y

    The 2024 Cyber Security Analyst RoadMap

    A comprehensive roadmap to becoming a Cyber Security Analyst in 2024. Covers key skills, tools, and knowledge areas. Recommended courses for learning Python, computer networking, and cloud security.

  17. Article · Security Boulevard · 2y

    Daniel Stori’s ‘Vulnerable Code’

    A blog post by Daniel Stori titled ‘Vulnerable Code’.

  18. Video · ThePrimeTime · 2y

    Private EMPTY S3 Bucket COST ME $1300

    Discover how an empty private S3 bucket can cause a skyrocketing AWS bill, due to unauthorized requests from third parties and misconfigurations of an open-source tool. Learn about the potential risks and security measures to prevent such incidents.

  19. Article · Lobsters · 2y

    Why, after 6 years, I’m over GraphQL

    The author explains why they no longer recommend GraphQL due to security risks, performance issues, coupling, complexity, and more. They suggest considering an OpenAPI-compliant JSON REST API as an alternative.

  20. Article · InfoSec Write-ups · 2y

    All About API Security Pentesting

    This post discusses API security pentesting and the steps involved, including understanding the scope and attack surface, information gathering, and attacking. It also provides a summary of the OWASP API Top 10 - 2023 Security Risks.

  21. Article · Medium · 2y

    Obfuscation in Flutter and Dart: Mysterious codes

    Learn how to do Flutter and Dart Obfuscation, a process of making code unreadable to increase security and protect intellectual property. Enable obfuscation in Flutter and Dart projects for enhanced security.

  22. Article · freeCodeCamp · 2y

    How to Implement an OAuth2 Resource Server with Spring Security

    Learn how to implement an OAuth2 resource server with Spring Security. Secure your APIs using OAuth2 and access tokens. Set up a Spring Boot application, configure web security, and extract user details from the access token.

  23. Article · System Design Codex · 2y

    Stateless Architecture - What's the Deal?

    Learn about stateless architecture and its advantages, including scalability and easier deployment. Discover techniques for building stateless services and externalizing state, as well as the challenges that come with it.

  24. Article · Hacker News · 2y

    Google for Developers

    Cobalt is a high-performance, small-footprint platform that implements a subset of HTML5/CSS/JS for running applications. It is efficient, secure, and supports cross-platform development.

  25. Article · Cerbos · 2y

    The technical complexities of decoupled authorization

    Decoupling authorization from the main application code can improve scalability, maintenance, and integration. However, it introduces technical complexities such as integration challenges, user account management, authorization checks for resource lists, security weaknesses, and performance bottlenecks. By following best practices, using standard protocols, and considering dedicated authorization platforms, these complexities can be mitigated.