APIs are a critical component of today’s development landscape because of their importance in microservices. Since modern software is often composed of various microservices, certain functionalities may be beyond the scope of an individual API. With an API gateway, we can aggregate those services to behave as if they were a single API, and return complex responses from disparate microservices through a single call to an API gateway.
Snyk provides plugins or extensions for Visual Studio Code, Jetbrains IDEs like IntelliJ, WebStorm, PHPStorm, GoLand, and Visual Studio. But have you ever wanted to integrate Snyk in your daily work when your favorite editor or IDE is Vim, Emacs, Sublime, or Eclipse? This is going to be possible soon, as we’ve published our Eclipse plugin, including the new Snyk Language Server Protocol.
Where do open source dependencies go to die, and why do they come to an end? What happened to the npm faker module? Can it happen again? Join me to learn how open source software libraries rise to glory and how they reach their end of life. I’ll also include some takeaways for developers and ops engineers.
Hack The Box (HTB) is a platform that gamifies cybersecurity training. It’s suitable for aspiring pen testers, as well as developers who want to become security champions — or simply understand the mindset of adversaries a bit better — in order to make their applications more secure.
Throughout the pandemic, the increasing number of security vulnerabilities affecting major products and services reached alarming levels, according to our analysis of NIST’s (National Institute of Standards and Technology) National Vulnerability Database data.
During a recent engagement, Trustwave SpiderLabs discovered an Indirect Object Reference (IDOR) vulnerability within Squiz Matrix CMS which would allow any low privileged user to change the contact details of any other user on a Squiz Matrix instance (including administrators). An attacker exploiting the vulnerability could change an administrator’s email address to an attacker-controlled email address after which the attacker could reset the administrator’s password.
Containerization with Docker has become a major trend in web application development that many.NET developers have adopted. There are many compelling advantages for developers and DevOps engineers to containerize.NET applications, even when working with the older.NET Framework 4.x versions. However, if we don’t know how to use containers properly, we’ll experience little benefit from them.
