Articles

This week, we have details of compromised Google Cloud accounts being used to mine cryptocurrency (mainly through weak or no passwords on API connections), an article on how GraphQL can be used as an API gateway (including security controls), a very comprehensive guide to all things API security, and a new API security training course from AppSecEngineer.

Vulnerability: Compromised Google Cloud Accounts Used to Mine Cryptocurrency

The main story this week comes from HackerNews and describes how attackers are able to exploit improperly secured Google Cloud Platform (GCP) tenants. The impact on affected users included the compromise of their cloud resources, such as the upload of cryptocurrency mining software, as well as ransomware and phishing attacks.

Article source: DZONE

Before OOP languages, the programmer controlled how the program was executed, and did so from the app’s main routine. In modern programming, that control is delegated to external non-main loops, and the main routine becomes an event loop that waits for events to occur and then handles each one with the relevant event handler.

This new model of programming (though it has been around since the 70s) is called event-driven programming.

Article source: DZONE

This article was originally published at Coder Society. In it, we’ll explore GraphQL’s core features, how to interact with a GraphQL API, and some development and operational challenges.

The Story of GraphQL

Nowadays, REST seems to be the default approach for building APIs, typically based on the familiar HTTP protocol. While REST is relatively simple to work with and enjoys widespread popularity, its use of multiple endpoints to address resources sometimes gets in the way of flexibility.

Article source: DZONE

Since its release in 2015, GraphQL has become the alternative to REST. It gives frontend developers the flexibility they had craved for so long.

Gone are the days of begging backend developers for one-purpose endpoints. Now a query can define all the data that is needed and request it in one go, cutting latency down considerably.

Article source: DZONE

GraphQL: The Future of APIs

When discussing API design, REST, or Representational State Transfer, is what comes to mind first. It is a standard tool for retrieving data from a server, with data accessed by URLs.

As we progressed into the new millennium, client applications were relatively simple. That is when REST was developed, and in due course it became a good fit for many applications.

Article source: DZONE