Articles

In this series, I’m discussing the phases of a project encompassing a non-trivial set of Ethereum smart contracts and the React/Redux application that communicates with them.

The project, called In-App Pro Shop, aims to help Ethereum developers easily support in-app purchases, and it was written over the last half of 2018 as a way of learning about the Ethereum development ecosystem.

This project revealed many aspects of the power and constraints of Ethereum and its programming language Solidity. I hope to pass as much of that on to you as possible in this series.

Source of the article on DZONE

Java is a general-purpose language that follows the object-oriented programming style with a Write-Once-Run-Anywhere approach to development. It was designed for an interface with Internet-enabled devices, and over the course of the last two decades, this particular design choice has ensured Java’s relevance in the developer community.

Even now, in 2019, Java is ubiquitous and used to develop software virtually everywhere and on every platform: from smartphones and Android devices to websites, video games, cars, and even IoT devices.

Source of the article on DZONE

Ethereum Blockchain. Photo credit: Flickr/Descryptive.com

Turns out, blockchain technology isn’t quite as foolproof as all the hype would have you believe. A new article from MIT Technology Review explains that as blockchain systems become increasingly complicated, the likelihood that they can – and most assuredly will – be hacked goes through the roof.

Source of the article on DZONE

Over the past decade, we have witnessed the emergence of revolutionary innovation, of which the evolutionary significance is yet to be fully recognized. Of course, we’re referring to the blockchain, cryptocurrencies, and, more generally, the phenomenon that we describe as the Internet of Value. Blockchain and related technologies have the opportunity to transform the world of finance and other value systems, in exactly the manner by which the Internet has transformed the way we exchange information.

There have been some key milestones leading up to this point: the launch of Bitcoin in 2008; the emergence of altcoins from 2011 onwards; the launch of Ethereum in 2015. We call this Layer 1 — the foundational level — with the economic function of value creation and the technical one of ensuring the basic functionality of accounting and transfer of crypto assets. All of this is implemented on the basis of distributed registries and with the conditions of interaction strictly regulated at the code level.

Source of the article on DZONE

Before implementing any DevSecOps tools, you have to embrace that DevSecOps is disruptive to the entire security tool landscape. Too many tools are just putting lipstick on a pig.

But how do you know which ones are lipstick and which ones transform the pig from the inside out? Larry Maccherone laid this out in his talk at our Nexus User Conference. If you’re not already familiar with Larry, he is an industry-recognized thought leader on DevSecOps, Lean/Agile, and Analytics and currently leads the DevSecOps transformation at Comcast. In other words, he knows what he’s talking about.

Source of the article on DZONE

Millions of repositories are hosted on GitHub, and lots of projects hosted there make their way into your project as dependencies. Developers can just look for modules that cover their use case and import them into their project, which is actually great! The not-so-great part about importing third-party code is that developers usually ignore its security aspects altogether.

According to GitHub, its security scan for vulnerabilities in Ruby and JavaScript unearthed more than four million bugs, which sparked a significant clean-up effort by project owners. As demonstrated by Equifax’s massive data breach, vulnerable open-source software libraries may carry significant security repercussions. GitHub has made some improvements in terms of notifying users about the security issues in their code, but users are required to opt into its security alerts.

Source of the article on DZONE

As we wrap up 2018, you can’t help looking back at the record number of high-profile API breaches that happened this year and wondering what can be expected next year. However, it is not all about the holiday mood: this week was also marked by a security hole in mutual TLS authentication in the Go language, XSS at Google Code-in, another Facebook glitch, hundreds of vulnerable Kubernetes deployments, and an announcement of the upcoming healthcare API standards in the US.

Vulnerabilities

The big one this week is the mutual TLS authentication issue in the Go language. The vulnerability that got fixed this week allowed attackers to launch CPU DoS attacks. With Go being one of the most popular programming languages in the microservices and backend implementation world, and mutual TLS being one of the most popular security mechanisms, the impact of the vulnerability is significant.

Source of the article on DZONE

Want to know what SNI is and how it works? Well, you’ve come to the right place (not sure about the right time though). Quite often, this great technology goes under the radar, and that’s somewhat understandable. So, here we are doing what we always do – unscrambling the “technical” stuff.

Let’s get under the hood of the technology that is Server Name Indication.

Source of the article on DZONE

OpenSSL has completed a re-licensing effort, resulting in the adoption of Apache 2.0. The project announced this effort in 2015 and obtained permission from contributors via a CLA.

The OpenSSL/SSLeay license was a non-standard permissive license, which included attribution clauses of the kind deprecated in Apache 1.0, such as:

Source of the article on DZONE

Marriott International has disclosed that the guest reservation database of its Starwood division has been breached, affecting as many as 500 million guests. The company has also confirmed that there has been unauthorized access to the Starwood network since 2014.

According to a report from the BBC, for roughly 327 million guests, the attacker was able to access personally identifiable information including a combination of name, address, phone number, email address, passport number, account information, date of birth, and gender. In some cases, the compromised records also included encrypted credit card information. The company is still trying to determine whether or not the encryption keys have also been stolen.

Source of the article on DZONE