This post gives an overview of the 12 solutions offered at Black Hat 2022. These are representative of the themes presented and discussed during the conference.

Encryption encodes data, so only programs that know how to decode it can read it. Most encryption programs use a "key" to transform plaintext into ciphertext.

What if we could enumerate all the software components we use and produce, and we could distribute and consume it easily? This is what SBOM is trying to solve.

Learn more about Renovate, a dependabot alternative.

This article provides some essential steps you can implement to bring security guardrails into your AppSec program.

This in-depth tutorial demonstrates how to add video calls to an Angular/Spring Boot project with WebRTC in TypeScript.

Securing a cloud-native application properly is not trivial. API gateways and mutual trust are key to ensuring our communication channels are kept safe.

Unlock the power of no-code automation and empower your team to work on more meaningful work that adds strategic value to your organization's business objectives.

Which virtualization technology will keep you more secure?

This article outlines the difficulties in extracting plain text from regular PDF documents at scale and demonstrates two API solutions that efficiently perform that task.

Pro-coders and low-coders can work together if each recognizes the unique talents and skills the other brings to enterprises.

Learn the practical steps in building a SaaS application, what is a SaaS application, why you need one for your business, and the types of SasS platforms.

Developers looking to write smart contracts have a couple of solid choices, but which one is currently better ... and why?

It's going to get worse before it gets better, but cybersecurity professionals can lead the way to improvement.

How to use this toolkit to test your upgrade process and how it helps you upgrade your TiDB with ease and happiness.

NAS is not a new technology but still plays a crucial role in providing capable data storage and accessibility through centralized storage connected to a network.

Tight coupling between modules is a bad idea, and the worst form of coupling is cyclic dependencies between modules. Fortunately, there are a few techniques we can use to break the cycles. They are Callback, Escalation, and Demotion, and I’m going to walk through some examples that show each of them in action. Then, once the dependencies are broken, we’ll look at two more techniques that allow us to invert and eliminate the relationship altogether. The code for each of the samples can be found in the edcie project on my Google code repository. Each example includes a build script and a simple test case. To execute them though, you’ll need GraphViz if you want to use JarAnalyzer. To invoke the build scripts without invoking JarAnalyzer, you can simply type: ant compile Keep in mind that each variation of the system has the exact same behavior! Modules Can Teach Us Plenty There are a number of amazing lessons that we can all learn when we use modules to help mold our software products and help us create things that customers will truly want to check out. However, we should experiment carefully with the different modules that are available to us before settling on any particular one. It may be the case that we need to sample several of them before we ultimately decide that one or the other is a better use of our time. Think about this carefully, and make sure you tweak your modules as necessary to get the best possible results out of them. You may discover that there are more than a few out there that make the most sense for you in the long run. The Example The example we’re going to use to drive the remainder of our discussion is incredibly simple. We’ve got a Customer and a Bill class that we’re going to bundle into two separate modules - cust.jar and bill.jar. There’s also a test case called PaymentTest that serves as a sample client to drive the interactions between the two classes. The test case is bundled into the billtest.jar module. The initial class diagram is seen on the right. Note the bi-directional relationship between the two classes. As we progress, we’ll add more classes and abstractions to the system to help increase the modularity. Additionally, we’re going to use JarAnalyzer to illustrate the relationships between the modules and also help us assess the quality of our design. The module structure is below, as generated by JarAnalyzer. You can see how to use JarAnalyzer in the build by reviewing the build file. Again, our goal is to break the cyclic dependency between cust.jar and bill.jar, and we’re going to look at three different ways to do this before moving on to examine different ways to massage acyclic module relationships. Initial Module Structure with Cyclic Dependencies Escalation The first technique we’re going to apply is called Escalation. With Escalation, we break the cyclic dependencies by escalating the cause of the dependency to a higher-level entity. Before we do that, we need to more fully understand why a cyclic dependency exists in this example. This reason follows: A Customer has a list of Bill instances. When the payment method on Bill is invoked, the Bill needs to determine if a discount should be applied. The discount is a product of the Customer the bill belongs to, not necessarily the Bill. Therefore, the Bill class calls for a method for Customers to determine the appropriate discount amount. Think of it this way…The Customer represents a payee and we negotiate a discount with each payee. The calculation of this discounted amount is encapsulated within the Customer. To break this dependency, we want to escalate the cause of the dependency up to a higher level class - the CustomerMediator. The mediator now encapsulates the calculation of the discount and passes that to the bill class. The best way to see this change is to look at the modified PaymentTest class. Now, I’ve modified the build script and have bundled the mediator into its own module, as shown below. If you dig a bit more deeply into the class structure, you’ll wonder why I didn’t just pass the discount amount from the Customer into Bill. Don’t worry about that. This example is slightly contrived because escalation isn’t the best way to solve this type of problem. The key takeaway is that we’ve escalated the dependency up to the mediator.jar bundle, breaking the cyclic dependency. Escalating the Cause of the Cyclic Dependency Demotion A slightly better way to solve this particular type of cyclic dependency (where we have a true composite relationship between Customer and Bill) is to use demotion. With demotion, we push the cause of the dependency to a lower-level module. Exactly the opposite of escalation. We do this by introducing a DiscountCalculator class that will be passed into the Bill class. Our modified PaymentTest class will create the calculator and pass it in for us. The Customer class will serve as the factory for the DiscountCalculator, since it’s the Customer that knows the discount that must be applied. The new class structure can be seen on the right. Now we’ll modify our build script to create an additional calc.jar bundle which will contain the DiscountCalculator class. Our resulting module structure is shown below. Demoting the Cause of the Cyclic Dependency Already you can see how this is a more natural solution than escalation for this particular type of cyclic dependency problem. What’s the key difference you might ask? With escalation, notice how I would be able to deploy the cust.jar and bill.jar modules independently. While demotion is a more natural solution in this situation, it also means that to deploy bill.jar or cust.jar, I must also deploy calc.jar. The right solution is always going to be contextual and the ideal solution is likely to shift throughout the development lifecycle. Callback Using a Callback is similar to the Observer pattern. With this approach, we’ll refactor our DiscountCalculator class to an interface, and then modify the Customer class to implement this interface. This new class structure can be seen on the right. As it happens in this specific situation, using a Callback represents a combination of demotion and our initial solution. We’ll go back to passing the Customer into the Bill, but will pass it in as a DiscountCalculator type. Whereas in the Demotion example we bundled the DiscountCalculator in a separate module, we’ll now just include it in our bill.jar module. Note that putting the DiscountCalculator in the cust.jar module would introduce the cyclic dependency we’re trying to get rid of. The new module structure, which resembles our original version minus the cyclic dependency, is shown below. Using a Callback to Eliminate the Cyclic Dependency Inverting Relationships Now we’re going to play around a bit with the module relationships. While Callback seems like the most logical solution, what if we wanted to use the cust.jar module without the bill.jar module? Callback, as it’s implemented, doesn’t allow us to do this. But with a bit of trickery, I can actually invert the relationship between the cust.jar and bill.jar modules. I start by refactoring the Bill class to an interface. Then, to avoid split packages (where classes in the same package are bundled into separate modules), I move the Bill class into the same package as the Customer class. The new class diagram is shown on the right, and the inverted module structure is shown below. Inverted Module Structure Eliminating Relationships Inverting the relationships allows us to deploy the cust.jar module independent of the bill.jar module. Again, it’s all about need. But I’d like to explore another option based on another important need - the ability to test modules independently. Before inverting the relationships, I am able to test the bill.jar module independently. After inverting the relationships, I can test the cust.jar module independently. But what if I want to test (or deploy) both modules independently? To do this, I need to completely eliminate the relationship altogether. As it turns out, because I’ve got a pretty flexible class structure after I inverted the relationships (lots of abstract coupling), I can do this by simply bundling the two interfaces - Bill and DiscountCalculator - into a separate module. No other coding changes are required. I start by moving them to a new package called base. Then, I modify my build script to bundle these two interfaces into a separate base.jar module, and we successfully eliminated the relationship between the bill.jar and cust.jar modules, as shown below. Eliminating Relationships Between Modules Wrapping Up We’ve come a long way from our original version of the system. Two modules with a cyclic relationship to a module structure where the original modules don’t have any relationship to each other. This means these modules can be tested and deployed independently. If you follow this blog, you know I’ve written plenty about the tradeoffs between flexibility and complexity, use and reuse, and many other architectural and design challenges. I hope this little exercise has helped drive some of those concepts home. As a final note, to explore some of these design decisions a bit more deeply, and to examine the tradeoffs a bit more objectively, I encourage you to run the builds for each of the projects and examine the dependencies.html file in the stats directory. To do this, you’ll need to make sure JarAnalyzer is executed, which requires GraphViz. As you’ll see when comparing the initial version to the final version, we made considerable progress in improving the quality of the design.

Read an overview of the basics of cryptographically secured communications, with some real-world use cases to highlight the importance of this security measure.

In this article, we’ll be going over the 1.1 revision of the Secure Software Development Framework that was published earlier this year.

Security remediations occupy a growing portion of developers’ time. We can reframe how we define a "critical" vulnerability and ask: Is it attackable?