Articles

API management solutions, also known as API gateways, are a must in this day and age of APIs. However, once you’ve set up such a gateway, you can use it for different purposes unrelated to APIs. Today, I want to show you how to improve the security of web apps.

Prevent Sniffing

Browsers are fantastic pieces of technology that try to make the life of users as comfortable as possible. However, the balance between ease of use and security may sometimes tip on the former to the latter’s detriment. For example, if an HTTP response doesn’t set the content type, the browser may try to infer it:

Article source: DZONE

Two of the most popular message brokers used today are Kafka and those based around JMS. JMS is a long-standing Java API generally used for developing messaging applications, with its primary function being the ability to send messages between two or more clients. Kafka, on the other hand, is a distributed streaming platform that provides a lot of scalability and is useful for real-time data processing.

While both offer their own advantages and are highly useful in their own right, which of the two should you be actually using?

Article source: DZONE


Introduction

NestJS is a cutting-edge Node.js framework for developing server-side applications that are efficient, dependable, and scalable. It is simple to integrate with NoSQL and SQL databases such as MongoDB, Yugabyte, SQLite, Postgres, MySQL, and others. It supports popular object-relational mappers such as TypeORM, Sequelize, and Mongoose.

In this tutorial, we’ll create an e-commerce application with SQLite and TypeORM. We’ll also look at Arctype, a powerful SQL client and database management tool.

Article source: DZONE


Introduction

Anypoint CLI is a scripting and command-line tool for both Anypoint Platform and Anypoint Platform PCE. We will be using Anypoint CLI commands for Anypoint Platform accounts, API Manager, CloudHub applications, design center projects, and exchange assets.

Prerequisites

Installation

  • Verify the npm version with the command npm -version
  • Install Anypoint CLI: npm install -g anypoint-cli@latest

Authentication

You can configure Anypoint CLI authentication with username and password, client ID and client secret, or a bearer token. At least one method is required.

Article source: DZONE


Determine the Goals

In Bruce Lee’s famous movie, “Enter the Dragon,” there’s a scene of Bruce on the junk with the other contenders. One of them, Parsons, asks, “What’s your style?” Bruce answers, “The art of fighting without fighting,” after which he tricks Parsons onto the lifeboat, and Parsons is dragged in that boat behind the ship while the onlookers laugh.

Similar to “What’s your style?” is the question “What’s your goal?”: there is no one right style, and there is no one right goal. Before testing APIs, determine the goals of testing; the goals of testing will help determine the tool specifications. Are there compliance standards to meet? What are the internal departmental and business goals? Are there contractual requirements? Does the SDLC require SAST and DAST to be applied? Does the CISO require RASP and IAST? Define and document the requirements. Remember – if it isn’t documented, it doesn’t exist.

Article source: DZONE

Any typical enterprise-grade application deployed on Kubernetes comprises several API resources that need to be deployed together. For example, the WordPress application, which is one of the example applications available on the Kubernetes GitHub repository, includes:

  • a wordpress frontend pod,
  • a wp-pv-claim persistent volume claim mounted to the frontend pod,
  • a wordpress-mysql MySQL database pod,
  • a mysql-pv-claim persistent volume claim mounted to the MySQL database pod,
  • two persistent volumes: wordpress-pv-1 and wordpress-pv-2 to serve the persistent volume claims,
  • services for the database and frontend pods.

Application (or app) is not a native construct in Kubernetes. However, managing applications is the primary concern of the developers and operations. Application delivery on Kubernetes involves upgrading, downgrading, and customizing the individual API resources. Kubernetes allows you to restrict the spread of your application resources through namespaces such that you can deploy an entire app in a namespace that can be deleted or created. However, a complex application might consist of resources spread across namespaces, and in such cases answering the following questions might be a challenge:

Article source: DZONE

In the early days of software development, anyone seeking to develop a web, mobile, or backend application had to own the hardware required to run a server, which was an expensive proposition.

Then, when cloud computing came, it became possible to lease server space or a number of servers remotely. The developers and companies who rent these fixed units of server space generally overbuy to ensure that a spike in traffic or activity won’t exceed their monthly limits and break their applications. Because of this, a lot of the server space that gets paid for can be wasted.

Article source: DZONE

A combination of AWS Lambda and Amazon API Gateway is a widely-used architecture for serverless microservices and API-based solutions. They enable developers to focus on their applications, instead of spending time provisioning and managing servers.

API Gateway is a feature-rich offering that includes support for different API types (HTTP, REST, WebSocket), multiple authentication schemes, API versioning, canary deployments, and much more! However, if your requirements are simpler and all you need is an HTTP(S) endpoint for your Lambda function (for example, to serve as a webhook), you can use Lambda Function URLs! When you create a function URL, Lambda automatically generates a unique HTTP(S) endpoint that is dedicated to your Lambda function.

Article source: DZONE

Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, API, and more. With all these components to secure, building a secure application can seem really daunting.

Thankfully, most real-life vulnerabilities share the same root causes. And by studying these common vulnerability types, why they happen, and how to spot them, you can learn to prevent them and secure your application.

Article source: DZONE

Step Functions is the serverless finite state machine service from AWS. Together with DynamoDB, Lambda, and API Gateway, it forms the core of the serverless AWS services. If you have tasks with multiple steps and you want to ensure they get executed in the proper order, Step Functions is your service of choice.

It offers direct integrations with many AWS services, so you don’t need to use Lambda Functions as glue. This can improve the performance of your state machine and lower its costs.

Article source: DZONE