The Dev Craft·52wI built this Chrome Extension, roast me.
Introducing Entropy, a Chrome extension designed to automatically hide secrets and personally identifiable information (PII) from your screen during screen sharing. This feature addresses security concerns around information leaks. The creator welcomes feedback and ideas for improvement.
Troy Hunt·1yHave I Been Pwned 2.0 is Now Live!
The revamped Have I Been Pwned website has been launched, introducing new features, improved search functionality, and a dedicated breach page with targeted advice. Email verification is enhanced, domain search is refined, and a new central dashboard consolidates user features. The site maintains the same API while adopting modern web technologies for better performance. A merch store is also available as part of the new offerings.
Dev Tools·1yShe Shared Her Screen… and Her AWS Secret (Yes, she's a FANG)
A senior engineer accidentally exposed her AWS credentials during a Zoom meeting, highlighting the risks of screen sharing without adequate safeguards. The post discusses the widespread issue of accidentally sharing sensitive information and introduces Entropy, a Chrome extension that detects and redacts secrets and PII in real-time. Entropy aims to prevent such leaks by securing data during screen sharing and is customizable for different security needs.
WebCraft·1yThe Backend-for-Frontend (BFF) Pattern: Secure Auth Done Right
The Backend-for-Frontend (BFF) pattern addresses security risks in web applications by storing JWTs server-side in Redis, eliminating exposure to XSS attacks and enhancing session management. This pattern is particularly suited to SPAs and mobile apps, offering improved scalability and user experience with silent token refreshes and instant logouts.
ByteByteGo·1yEP161: A Cheatsheet on REST API Design Best Practices
REST API design involves best practices such as using resource-oriented paths, applying HTTP verbs properly, maintaining API versioning, and utilizing standard error codes. Ensuring APIs are idempotent and supporting pagination can enhance performance and reliability. Security measures like using API Keys, JWTs, OAuth2, and HTTPS are crucial for protecting APIs in production.
.NET Blog·1yWhy we built our startup in C#
Tracebit chose C# for building their B2B SaaS security product due to its productivity, cross-platform capabilities, popularity, rich standard library, expressive language features, and excellent tooling. Despite its reputation as a stable language without much buzz in the startup community, C# provides advantages such as a large talent pool, quality libraries, robust documentation, and fewer unexpected roadblocks. Its performance and open-source nature further enhance value for startups looking for a solid development foundation.
Microservices.io·52wAuthentication and authorization in a microservice architecture: Part 2 - Authentication
Implementing authentication in a microservice architecture can be complex and error-prone. The API Gateway serves as a central point for handling authentication, delegating the process to an identity and access management service for enhanced security. OAuth 2.0 and OpenID Connect protocols are commonly used, with tokens like JWTs facilitating secure communication between client requests and backend services.
Lobsters·1yPostman is logging all your secrets and environment variables
Postman has been found to log secret strings and environment variables, compromising user privacy. Despite claims of protecting sensitive data, the app sends unmasked variables to its servers, posing risks especially for healthcare applications. Users are advised to block Postman's analytics endpoints to prevent data leakage.
ByteByteGo·1yEP164: JWT Simply Explained
JSON Web Tokens (JWT) provide a secure method for transmitting information between parties using an open standard. They are primarily used for authentication and authorization. A JWT comprises a header, payload, and signature, with two signature types: symmetric and asymmetric, based on the use of secret and public keys. JWTs are integral to modern web applications, ensuring secure data exchange.
freeCodeCamp·1yHow to improve your code quality with SonarQube
SonarQube is an open-source tool that enhances code quality and security by analyzing codebases for issues such as duplication, bugs, and vulnerabilities. It can be integrated with CI/CD pipelines, IDEs, and version control systems, providing detailed dashboards and supporting many programming languages. The tutorial includes steps for installing, configuring, and running your first code analysis using SonarScanner, making SonarQube a vital addition for maintaining clean and maintainable code.
freeCodeCamp·1yTop Ways Hackers Exploit Web Applications (and How to Prevent Them)
Web applications, particularly those with user input, are susceptible to attacks like SQL injection, XSS, CSRF, and weak authentication. Developers can mitigate these risks by employing prepared statements for databases, escaping user inputs in HTML, using CSRF tokens, and enforcing strong authentication measures. Regularly updating libraries and ensuring secure configurations are crucial for protecting against vulnerabilities.
Last9·1yHow to Handle Logging in Microservices Architectures
Effective logging in microservices requires standardized formats, centralized storage, correlation IDs, and strong security measures. The post provides strategies for building robust logging systems, including platform selection, structured data formats, and request tracing. It includes guidelines for optimizing log levels, setting up logging pipelines, addressing common logging mistakes, and ensuring log security. An example using Node.js illustrates practical implementation, and essential tools for effective microservices logging are highlighted.
CodeHead·1yThe GO Situation Is CRAZY...
Golang is under scrutiny due to vulnerabilities exposed by a malicious package. Unlike other ecosystems, Go modules are fetched directly from version control systems without central oversight, making them susceptible to security risks. Users are advised to audit packages thoroughly before installing them as Go lacks built-in safeguards. Despite its simplicity and efficiency, the language's dependency handling is deemed naive.
InfoSec Write-ups·52wProfiler: Your Digital Detective Platform
Profiler is a platform that simplifies the process of gathering Open Source Intelligence (OSINT) by compiling data from over 250 sources in one place. It offers both basic and advanced search functions to help users verify email addresses, phone numbers, usernames, and monitor data breaches. Profiler is user-friendly and provides an all-in-one solution for those looking to investigate online identities and protect against potential scams or data leaks.
The Coding Gopher·1yDocker Just Got Some MASSIVE Upgrades
Docker continues to revolutionize software development by enhancing its platform with advanced tools like Docker Scout and Docker Compose watch, focusing on optimization, security, and improving developer workflows. Docker Scout embeds security analysis directly into the development lifecycle, while Compose watch automates feedback loops and accelerates the inner development cycle. Additionally, the Docker build cloud offers robust remote build execution, significantly reducing build times.
InfoSec Write-ups·52wHow to Build a Secure Password Manager in Python
This guide provides a step-by-step approach to building a secure password manager using Python. It covers key components such as encryption with the cryptography library, data storage using SQLite, and secure handling of master passwords. The project aims to enhance cybersecurity knowledge through practical implementation, while emphasizing security best practices.
DevOps·1yMastering AWS in 2025 isn't about memorizing services
Mastering AWS in 2025 involves understanding how different services connect to solve real-world problems rather than memorizing them. Key skills include knowing when to use services like EC2, Lambda, and ECS, choosing the appropriate database, utilizing S3 effectively, ensuring security with IAM, KMS, and Shield, integrating apps seamlessly with EventBridge, SNS, and SQS, optimizing performance with VPC and CloudFront, and using CloudWatch for observability. Learn services in context for meaningful applications.
JetBrains·51wPHP Annotated – May 2025
PHP Annotated May 2025 covers major PHP developments including the upcoming pipe operator in PHP 8.5, new array_first() and array_last() functions, security updates across PHP versions 8.1-8.4, and the introduction of the #[\NoDiscard] attribute. The edition highlights PHP's 30th anniversary celebration, FrankenPHP's official support by The PHP Foundation, and various tools for building desktop applications with PHP. It also covers AI tooling growth in the PHP ecosystem, framework updates including Laravel 12 and Symfony 7.3, and upcoming PHP conferences.
DevOps·1yMost Starred DevOps Projects on Github
The post highlights the most starred DevOps projects on GitHub as of April 2025. Key tools include Kubernetes for container orchestration, Grafana and Prometheus for monitoring, Ansible and Terraform for automation, Vault for security, Helm and Docker CLI for container management, and Jenkins for CI/CD. These tools are considered industry favorites and reflect real-world usage.
Awesome Go·1yBuild your own ResponseWriter: safer HTTP in Go
Learn how to build a custom ResponseWriter in Go to prevent common HTTP handling errors, such as forgetting status codes or improperly modifying headers. This guide shows how to wrap the ResponseWriter to enforce custom rules, making HTTP handlers more secure and maintainable.
Devtron·1yHow to Add Security Scanning to Your CI/CD Pipeline
Integrating security scanning into CI/CD pipelines mitigates risks such as secret leaks, supply chain attacks, and misconfigurations. Implementing early scans using tools like SAST, SCA, and IaC can enhance security posture, expedite development cycles, optimize resources, and ensure compliance. Devtron simplifies the process with built-in integrations for continuous security checks.
Faun·1yDo These 5 Ansible Projects — DevOps Job Guaranteed
The post outlines five Ansible projects that can enhance the skills of someone pursuing a DevOps role. It describes real-life scenarios ranging from setting up a workstation to managing Docker containers and building scalable web platforms with CI/CD. Each project increases in complexity and offers practical implementations to build a portfolio, focusing on automation, security, and integration of tools like Ansible, Docker, and CI/CD pipelines.
Awesome Go·51wJSON Web Tokens in Go
JWT (JSON Web Tokens) is an open standard for securely transmitting information between parties. The guide covers JWT structure (header, payload, signature), explains the difference between symmetric (HS256) and asymmetric (RS256) signing methods, and provides a complete Go implementation using the golang-jwt library and Echo framework. It demonstrates how to generate RSA keys, create a login endpoint that issues JWTs, implement middleware for token verification, and follows security best practices including using RS256 signing and HTTPS.
WebDev·1yGreyOS: The Meta-OS Redefining Cloud Computing
GreyOS is a revolutionary Meta-OS developed by George Delaportas and supported by PROBOTEK. It's a hybrid web and cloud-based operating system built with PHP, JavaScript, and HTML5. Notably, it uses CHAOS Microkernel to achieve massive scalability and supports up to 100 million concurrent users per VM. Its browser-based deployment and cloud-first approach eliminate hardware dependencies, while VeNUS, its enterprise-grade version, offers enhanced security, scalability, and integration capabilities for business needs.
