security

32 posts
api

How to safely throttle high traffic APIs

Adopting a scalable language and framework helps distribute traffic across multiple endpoints and systems, spreading the load over a wider infrastructure.…

python

Common security gotchas in Python and how to avoid them

Prevent input injections (SQL or command injection) by sanitizing input with the utilities that come with your web framework, avoid constructing SQL queries manually, and use the shlex module to escape shell input correctly.…

http

HTTP headers to secure your app for the busy web developer

Set an X-Frame-Options header to prevent someone from creating an iframe wrapper around your site to clickjack your site. Your safety options are DENY, SAMEORIGIN, and ALLOW-FROM.…

security

Top security best practices for Go

You should validate user input (using native Go packages or third-party packages) not only for functionality but also to stop attackers from sending malicious data.…

security

Ways to secure your applications

More than 70% of exploited applications are due to outdated dependencies. Ensure dependencies are up to date by using the latest packages and automating dependency management.…

security

Tips to power-up your Java security

Protect against SQL injections by binding variables in prepared statements, using the prepareStatement() function to validate inputs.…

mongodb

Security best practices for MongoDB

Configure Transport Layer Security to encrypt all traffic to and from the database. Use encryption at rest to protect the contents of the DB in the event that someone is able to copy the database files (from a backup, for instance) or the server image.…

api

Ways to hack an API and how to defend

Use base-level encryption to allow functionality to operate as expected but obscure relationships between data to defend against reverse engineering. To defend against spoofing you can encrypt all traffic in transit.…

security

Top 5 cybersecurity predictions for 2020

Credential stuffing, where hackers steal login credentials from one site and use the same credentials to break into a user’s accounts on other sites, will continue to be an easy attack.…

security

Production secret management at Airbnb

Airbnb built an internal tool, Bagpiper, a collection of tools and framework components that it uses to manage production secret assets. They designed it to decouple secret management from other app configuration as Airbnb scaled, and to ensure a least-privilege access pattern…