Articles

Last year we saw the launch of a new Web programming language Dart – Structured Web Programming from Google. A very interesting approach to support web application development. Not so long after Go, Groovy, Ruby, Scala, << Name your DSL here >>; we see Dart. Is it a good thing to have at least one programming language to solve one problem? The answer is, like we already know, it depends.

Stay Away From “Do it Yourself”

It is your choice as to if you will try to do things yourself or allow the truly seasoned professionals to help out. Some decide that they are going to try to go it alone when they are programming something new, but this often ends up in a less than desirable place. It may even be more expensive than just hiring an expert who can help you get it programmed for you in the first place.

Source de l’article sur DZONE

What benefits does SAST have? What’s the difference between SAST and DAST? What’s IAST? What do all these words mean?! Let’s talk about this and more in the overview of the main types of Application Security Testing (AST).

Informational Security

Before we start deciphering these terms, let’s figure out why we need security testing at all. In modern world, software integrates into automation processes almost everywhere, the number of code lines in applications is increasing. As a result, the number of possible vulnerabilities and errors is increasing as well. This creates the need for effective checking and testing of the source code.

Source de l’article sur DZONE

In application development, microservices is an architectural style where larger applications are structured as a collection of smaller, independent, yet interconnected services. While this allows for highly maintainable and testable applications (as each service can be maintained independent of the larger application), the problem with this method is the inherent complexity of interactions between microservices. It can be difficult for developers and team members to visualize how these microservices are connected to each other. We have been looking for ways to produce architectural diagrams that illustrate these interactions. We found that GraphViz helped us to solve part of this problem, as it can take the microservices structure of an application in the DOT language and convert it into a PNG format. However, we wanted this process to be even more user-friendly and more automatic, so that the user would not have to manually generate a DOT file of their microservices architecture. 

In-Browser Tool

As we could not find such a tool, we decided to create one ourselves. We decided that the most user-friendly interface would be to create an in-browser tool that allows the user to upload a jar  file containing a packaged service, and to have an image automatically rendered. This article discusses how we went about creating this tool and includes an example of what happens « behind the scenes » of this interface. 

Source de l’article sur DZONE

By automating the entire test procedure, your company will not only save money and time but also deliver superior quality products. Selenium has reined top as the go-to tests framework for almost any sort of test requirement that includes a browser-based application. However, as the world of automation testing continues to step forward, the newest tools have emerged. Chief amongst them is Cypress.io, an automated test framework that is becoming a more and more popular alternative to Selenium. Is Cypress or Selenium a perfect choice for your automation test requirements? Keep reading this blog and understand some tips on why you might willing to choose one or the other – or even use both at a similar time.

Here are a few commonly asked queries that might come up when doing a Selenium vs Cypress comparison:

Source de l’article sur DZONE

When I first heard the term DevOps, What I understood from my peers is that,

“The process of deploying the application in any environment (dev/QA/prod) is called DevOps. It’s just another synonym for operations.”

Source de l’article sur DZONE

The introduction of the continuous integration/continuous deployment (CI/CD) process has strengthened the software release mechanism, helping products go to market faster than ever before and allowing application development teams to deliver code changes more frequently and reliably. Regression testing ensures no new mistakes have been introduced to a software application by testing newly modified code as well as any parts of the software that could potentially be affected. The software testing market size is projected to reach $40 billion in 2020 with a 7% growth rate by 2027. Regression testing accounted for more than 8.5% of market share and is expected to rise at an annual pace of over 8% through 2027, as per reports from the Global Market Insights group.

The Importance of Regression Testing

Regression testing is a must for large-sized software development teams following an agile model. When many developers are making multiple commits frequently, regression testing is required to identify any unexpected outcome in overall functionality caused by each commit. The CI/CD setup identifies that and notifies the developers as soon as the failure occurs and makes sure the faulty commit doesn’t get shipped into the deployment. 

Source de l’article sur DZONE

In the early days of the internet, security was little but an afterthought. Then as hackers started to exploit businesses’ lax security postures, things gradually started to change. At first, nonprofits like the Electronic Frontier Foundation started pushing web users to embrace HTTPS Everywhere. In response, certification authorities began offering free SSL certificate variations to any site admin that wanted one. As a result, at least 79.6% of all active websites now use SSL.

That was only the beginning. In the ensuing years, developers and web application administrators gradually started to harden their apps against all manner of attacks. They rolled out more complex password requirements. They started to add two-factor authentication as a default measure. They even started putting public-facing services behind high-performance web application firewalls.

Source de l’article sur DZONE

As more and more organizations making the shift to cloud-native technologies, Kubernetes has become the de facto choice to orchestrate container-based applications. As applications grow in size, the number of microservices increases and so does the data they process. Hence, handling data, especially sensitive data becomes critical. Out of the box, Kubernetes supports « Secrets » objects to store sensitive information — like passwords, tokens, ssh keys, and so on — securely.

Kubernetes secret eliminates the need to hard-code sensitive data in the application code. Secrets provide this sensitive information as data mount or expose them as environment variables.

Source de l’article sur DZONE

E-commerce storefronts have been slow to offer crypto payment methods to their customers. Crypto payment plug-ins or payment gateway integrations aren’t generally available, or they rely on third-party custodians to collect, exchange, and distribute money. Considering the growing ownership rate and experimentation ratio of cryptocurrencies, a « pay with crypto » button could greatly drive sales.

This article demonstrates how you can integrate a custom, secure crypto payment method into any online store without relying on a third-party service. Coding and maintaining smart contracts needs quite some heavy lifting under the hood, a job that we’re handing over to Truffle suite, a commonly used toolchain for blockchain builders. To provide access to blockchain nodes during development and for the application backend, we rely on Infura nodes that offer access to the Ethereum network at a generous free tier. Using these tools together will make the development process much easier.

Source de l’article sur DZONE

Imagine a microservice application consisting of dozens of continuously-deployed autonomous services. Each of the application’s constellation of services has its own repository, with a different versioning scheme and a different team continually shipping new versions.

Riddle me this: How can I tell the (whole) application’s version? Being that the change history is scattered among dozens of repositories, what’s the most efficient approach to keeping track of changes? And how do we manage application releases?

Source de l’article sur DZONE