DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

The Latest Software Design and Architecture Topics

article thumbnail
DevSecOps: Explaining Best Practices, Benefits and Tools
Adopting DevSecOps and integrating security into software is an obvious answer. Sooner or later, this method will conquer the software development field.
October 10, 2022
by Praise Iwuh
· 6,119 Views · 1 Like
article thumbnail
AWS Step Function for Modernization of Integration Involving High-Volume Transaction: A Case Study
The serverless offerings of AWS are getting more and more popular. But it remains a challenge to know them well enough to leverage them properly.
October 9, 2022
by Satyaki Sensarma
· 4,423 Views · 3 Likes
article thumbnail
Message Routing and Topics: A Thought Shift
This article makes some observations on the advancements in real-time, event-driven messaging with hierarchical topics from the MoM perspective.
October 9, 2022
by Giri Venkatesan
· 4,484 Views · 5 Likes
article thumbnail
Using Redis on Cloud? Here Are Ten Things You Should Know
This blog covers a range of Redis-related best practices, tips and tricks including cluster scalability, client-side configuration, integration, metrics etc.
October 7, 2022
by Abhishek Gupta DZone Core CORE
· 28,215 Views · 2 Likes
article thumbnail
Data Warehouse and Data Lake Modernization: From Legacy On-Premise to Cloud-Native Infrastructure
Learn how to build a modern data stack with cloud-native technologies, such as data warehouse, data lake, and data streaming, to solve business problems.
October 7, 2022
by Kai Wähner DZone Core CORE
· 5,912 Views · 4 Likes
article thumbnail
How Zero Trust Improves Ransomware Response
Zero trust is often discussed as a critical solution to cybersecurity problems. Here's how it can help with the rising threat of ransomware.
October 7, 2022
by Zac Amos
· 6,707 Views · 1 Like
article thumbnail
Decorating Microservices
The Decorator pattern is a great fit for modifying the behaviour of a microservice. Native language support can help with applying it quickly and modularly.
October 7, 2022
by Fabrizio Montesi
· 10,498 Views · 4 Likes
article thumbnail
Upload Single and Multiple Files Using the .NET Core 6 Web API
We will discuss file uploads with the help of the IFormFile Interface and others provided by .NET and step-by-step implementation using .NET Core 6 Web API.
October 7, 2022
by Jaydeep Patil
· 12,740 Views · 2 Likes
article thumbnail
Configure Cucumber Setup in Eclipse and IntelliJ [Tutorial]
Here's how to start using Cucumber, the widely used BDD framework for Selenium automation testing. This article helps you get set up in Eclipse and IntelliJ IDEA. It also provides a step-by-step guide on setting up Maven Cucumber project in Eclipse.
October 7, 2022
by Harshit Paul
· 9,541 Views · 1 Like
article thumbnail
Top 5 Cloud-Native Message Queues (MQs) With Node.js Support
The benefits of cloud-native, why we need it for message queues, and the top five cloud-native MQs that can be easily run with Node.js.
October 6, 2022
by Rose Chege
· 4,689 Views · 3 Likes
article thumbnail
Databricks vs Snowflake: The Definitive Guide
Discover the key differences between Databricks and Snowflake around architecture, pricing, security, compliance, data support, data protection, performance, and more.
Updated October 6, 2022
by Luke Kline
· 14,964 Views · 12 Likes
article thumbnail
How to Migrate From Kubernetes Pod Security Policies (PSPs) to Kyverno
Migrating from Kubernetes PSP to Kyverno is just as simple as defining any other Kubernetes resource.
October 6, 2022
by Abhinav Sinha
· 4,688 Views · 2 Likes
article thumbnail
2-Tier Architecture vs 3-Tier Architecture in DBMS
This article talks about the architecture of DBMS (Database Management Systems), with their structure, advantages, features, and more.
Updated October 6, 2022
by Bikash Jain
· 10,775 Views · 3 Likes
article thumbnail
Develop a Full-Stack Java Application With Kafka and Spring Boot
This tutorial shows how to publish and subscribe to Kafka messages in a Spring Boot application and how to display the messages live in the browser.
Updated October 6, 2022
by Marcus Hellberg
· 7,607 Views · 4 Likes
article thumbnail
5 Important Kubernetes Concepts Made Easy
Getting Started with Kubernetes is NOT easy. This article will help you understand some of the most important concepts of Kubernetes.
October 5, 2022
by Ranga Karanam
· 7,287 Views · 3 Likes
article thumbnail
Mule Snowflake Operations With Snowflake Configuration
This tutorial covers a few operations in the Mule Snowflake Connector along with the Snowflake configuration for those operations.
October 5, 2022
by Sajal Biswas
· 6,235 Views · 1 Like
article thumbnail
Top 10 Programming Languages to Use in Cyber Security Programming
This article will run through the top 10 coding languages you may want to learn to kickstart your cyber security career.
October 5, 2022
by Alister Esam
· 9,342 Views · 3 Likes
article thumbnail
Developing With AWS Cost and Usage (CUR) Files
Building internal cost tools with AWS starts from understanding the CUR schema.
October 5, 2022
by Everett Berry
· 5,741 Views · 1 Like
article thumbnail
Automate Amazon Aurora Global Database Using CloudFormation
This article will help automate the process of creating and configuring an Amazon Aurora Postgres Global Database. It also describes ways to handle fail-over scenarios.
Updated October 5, 2022
by KONDALA RAO PATIBANDLA
· 6,469 Views · 6 Likes
article thumbnail
Appsec and Technical Debt
Technical debt is a fact of life for anyone working in software development: work that needs to be done to make the system cleaner and simpler and cheaper to run over the long term, but that the business doesn't know about or doesn't see as a priority. This is because technical debt is mostly hidden from the people that use the system: the system works ok, even if there are shortcuts in design that make the system harder for developers to understand and change than it should be; or code that’s hard to read or that has been copied too many times; maybe some bugs that the customers don’t know about and that the development team is betting they won’t have to fix; and the platform has fallen behind on patches. It’s the same for most application security vulnerabilities. The system runs fine, customers can’t see anything wrong, but there’s something missing or not-quite-right under the hood, and bad things might happen if these problems aren't taken care of in time. Where does Technical Debt come from? Technical debt is the accumulation of many decisions made over the life of a system. Martin Fowler has a nice 2x2 matrix that explains how these decisions add to a system’s debt load: I think that this same matrix can be used to understand more about where application security problems come from, and how to deal with them. Deliberate Decisions Many appsec problems come from the top half of the quadrant, where people make deliberate, conscious decisions to short cut security work when they are designing and developing software. This is where the “debt” metaphor properly applies, because someone is taking out a loan against the future, trading off time against cost – making a strategic decision to save time now, get the software out the door knowing that they have taken on risks and costs that will have to be repaid later. This is the kind of decision that technology startups make all the time. Thinking Lean, it really doesn't matter if a system is secure if nobody ever uses it. So build out important features first and get customers using them, then take care of making sure everything’s secure later if the company lasts that long. Companies that do make it this far often end up in a vicious cycle of getting hacked, fixing vulnerabilities and getting hacked again until they rewrite a lot of the code and eventually change how they think about security and secure development. Whether you are acting recklessly (top left) or prudently (top right) depends on whether you understand what your security and privacy obligations are, and understand what risks you are taking on by not meeting them. Are you considering security in requirements and in the design of the system and in how it’s built? Are you keeping track of the trade-offs that you are making? Do you know what it takes to build a secure system, and are you prepared to build more security in later, knowing how much this is going to cost? Unfortunately, when it comes to application security, many of these decisions are made irresponsibly. But there also situations when people don’t know enough about application security to make conscious trade-off decisions, even reckless decisions. They are in the bottom half of the quadrant, making mistakes and taking on significant risks without knowing it. Inadvertent Mistakes Many technical debt problems (and a lot of application security vulnerabilities) are the result of ignorance: from developers not understanding enough about the kind of system they are building or the language or platform that they are using or even the basics of making software to know if they are doing something wrong or if they aren't doing something that they should be doing. This is technical debt that is hidden even from people inside the team. When it comes to appsec, there are too many simple things that too many developers still don’t know about, like how to write embedded SQL properly to protect an app from SQL Injection, or how important data input validation is and how to do it right, or even how to do something as simple as aForgot Password function without messing it up and creating security holes. When they’re writing code badly without knowing it, they’re in the bottom left corner of the technical debt quadrant – reckless and ignorant. But it’s also too easy for teams who are trying to be responsible (bottom right) to miss things or make bad mistakes, because they don’t understand the black magic of how to store passwords securely or because they don’t know about Content Security Policy protection against XSS in web apps, or how to use tokens to protect sessions against CSRF, or any of the many platform-specific and situation-specific security holes that they have to plug. Most developers won’t know about these problems unless they get training, or until they fail an audit or a pen test, or until the system gets hacked, or maybe they will never know about them, whether the system has been hacked or not. Appsec Vulnerabilities as Debt Thinking of application security vulnerabilities as debt offers some new insights, and a new vocabulary when talking with developers and managers who already understand the idea of technical debt. Chris Wysopal at Veracode has gone farther and created a sensible application security debt model that borrows from existing cost models for technical debt, calculating the cost of latent application security vulnerabilities based on risk factors: breach probability and potential breach cost. Financial debt models like this are intended to help people (especially managers) understand the potential cost of technical debt or application security debt, and make them act more responsibly towards managing their debt. But unfortunately tracking debt costs hasn't helped the world’s major governments face up to their debt obligations and it doesn't seem to affect how most individuals manage their personal debt. And I don't think that this approach will create real change in how businesses think of application security debt or technical debt, or how much effort they will put in to addressing it. Too many people in too many organizations have become too accustomed to living with debt, and they have learned to accept it as part of how they work. Paying off debt can always be put off until later, even if later never comes. Adding appsec vulnerabilities to the existing debt that most managers and developers are already dealing with isn't going to get vulnerabilities taken care of faster, even vulnerabilities that have a high “interest cost”. We need a different way to convince managers and developers that application security needs to be taken seriously.
Updated October 5, 2022
by Jim Bird
· 10,195 Views · 1 Like
  • Previous
  • ...
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • ...
  • Next
  • RSS
  • X
  • Facebook

ABOUT US

  • About DZone
  • Support and feedback
  • Community research

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 215
  • Nashville, TN 37211
  • [email protected]

Let's be friends:

  • RSS
  • X
  • Facebook
×