Posts

Showing posts from November, 2019

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect sites running behind reverse proxy cache systems like Varnish and some widely-used Content Distribution Network (CDN) services, including Amazon CloudFront, Cloudflare, Fastly, Akamai, and CDN77. In brief, a Content Distribution Network (CDN) is a geographically distributed group of servers that sit between the origin server of a website and its visitors to optimize the performance of the website. A CDN service simply stores/caches static files—including HTML pages, JavaScript files, stylesheets, images, and videos—from the origin server and delivers them to visitors more quickly without going back to the originating server again and again. Each of the geographically distributed CDN servers, kn...

Google's Flutter Framework Could Change Software Forever by Bridging Mobile, Desktop, Web and Embedded

Google is known for moonshot projects. Often they're just that, without much hope of being brought to fruition in the near future. But Flutter is not one of those: it's here now and it works, wonderfully. How Flutter Was Born: Bridging Mobile Platforms Flutter was released back in 2017 as a mobile development framework aiming to seamlessly bridge Android and iOS development without taking away any control over the hardware and low-level operating system features from the hands of the software developer, like many other frameworks do. It got lots of attention because Google showed impressive performance results, which are achieved thanks to the use of a low-level rendering engine that doesn't rely on the operating system's native interface elements like similar technologies such as Facebook's React Native do. It also got so much attention because it is being pointed to as the primary way of developing apps for Google's upcoming Fuchsia OS, which is set to replace...

HOW TO PROTECT YOUR BUSINESS FROM HACKERS WHO EXPLOIT ERP VULNERABILITIES

Every company nowadays uses a variety of enterprise applications to enable employees to perform their duties. These applications include ERP, CRM, file sharing, and other tools. Often, business applications are targeted by cybercriminals. One unprotected vulnerability opens up opportunities for serious cyber attacks. As a result, the offender can get access to financial instruments, confidential data and personal information of clients. Moreover, the affected company itself may unwittingly become a tool in fraudulent schemes. The Scale of the Problem More than 70% of the applications used in the corporate environment get damaged by at least one vulnerability that will be detected during the first scan using special tools. For Java applications, this number is even higher — more than 80%. At the same time, less than 30% of companies conduct regular checks for any vulnerable components. It is not easy to provide the necessary maintenance for all applications in the enterprise since its n...

The APIs Malicious Hackers Love to Exploit

Although they’ve been around since the dawn of web programming, application program interfaces — more commonly known as APIs — are a foundational tool for web developers. APIs can save time and resources while offering better end-user experiences, making them increasingly popular. ProgrammableWeb found that over the past four years, more than 2,000 application program interfaces have been added to their site’s directory annually. In the next three years, API abuses will become the most common attack vector for breaching enterprise web applications. The increased use of APIs is largely due to the recent popularity of mobile apps. Unlike traditional websites, native mobile apps manage the user interface on a device and make requests for data against APIs, thus leading developers to use them more often. Similarly, AJAX-driven websites, which refresh only specific parts of a web page rather than the entire page, use APIs to function and have grown increasingly favore...

Improving your Algorithms & Data Structure Skills

Fundamentals The first thing you’ll need if you want to get better at algorithms and data structures is a solid base. This base can be learned one of several ways, either through a computer science program at university, some coding bootcamps focus a bit on the topics below, or you can learn on your own from books, videos, or online lectures. So you’ll need a basic understanding of the following topics to get started: Data Structures Learn about arrays, linked lists, binary trees, hash tables, graphs, stacks, queues, heaps, and other fundamental data structures. Computer Architecture Learn how data is represented in a computer, the basics of digital logic design, boolean algebra, computer arithmetic, floating-point representation, cache design. Try and learn a little about C and Assembly programming. Moving Forward Past the Fundamentals Once you feel like you have a good understanding of most of the concepts listed above, it’s time to start diving into the algorithms...

API Is Dead

History Lesson As I'd previously described in the blog, "There's gold in them thar hills," within an enterprise, there are layers upon layers of technologies deployed over time. Many of the older technologies still bring value, making them far from obsolete. Consider that even though many enterprises are undergoing digital transformations, the technology and associated data that is contained within their old and deep layers still provide value. They cannot simply be removed, because after all it is the layers beneath that create the foundation for new pillars to be placed. Many of these layers will often have legacy interfaces such as CORBA, RMI, SOAP, etc. So, why do we continue to add layers on top of layers? If we approach this question as a paleontologist, we would take a core sample and analyze each layer; let's try this approach with our technologies and dig through the various layers. Each layer represents a historical view, on the topmost/outer layer you...

Bring Your Monolithic Applications Back From the Dead

It was the early 2000s, your .NET application was the best thing to hit the streets since the iBook G3 came out. Let’s just say that your application was so money, it didn’t even know it. It had its shiny new (insert any sweet .NET functionality here) and all of the Java-based applications were jealous of it. Those were the days… Now turn to today. You feel like John Ritter and your application is the problem child from hell. It’s stuck in the past; it won’t allow you to update it. You’re constantly supporting all of its bad consumption habits and it won’t play nice with your other applications. Where do you turn for help when you feel like your only option is to send your application “to a nice farm, where it can live out its days and play with other applications”? Containers! Containers you say!? Yes, containers. Containers are like boarding school for your applications. Send them away for a few weeks/months and they’ll come back well behaved and buttoned up. But What Are...

HackPPL: a universal probabilistic programming language

The Hack programming language, as the authors proudly tell us, is “a dominant web development language across large technology firms with over 100 million lines of production code.” Nail that niche! Does your market get any smaller if we also require those firms to have names starting with ‘F’? ;) In all seriousness though, Hack powers large chunks of Facebook, running on top of the HipHopVM (HHVM). It started out as an optionally-typed dialect of PHP, but in recent times the Hack development team decided to discontinue PHP support ‘in order to open up opportunities for sweeping language advancements’. One of those sweeping advancements is the introduction of support for probabilistic reasoning. This goes under the unfortunate-sounding name of ‘HackPPL’. I’m not sure how it should officially be pronounced, but I can tell you that PPL stands for “probabilistic programming language”, not “people”! This paper is interesting on a couple of levels. Firstly, the mere fact that proba...

Demystifying RxJS for Angular Developers

One of the biggest changes that the Angular team introduced with the complete rewrite of Angular was the adoption of RxJS and Functional Reactive Programming as a core part of the framework. For many, it was the holy grail. But for others, instead, it was an obstacle towards adopting and learning Angular — possibly a reason to stay away from the framework. I want to help you demystify Rx and learn enough about it to have a smooth learning experience with Angular. **Tip: Use Bit to easily share and reuse your Angular components across projects, suggest updates from any project, sync changes and build faster as a team! Gradually turn your components into a design system, in actual code. Components with Bit: Easily share across projects as a team Is RxJS difficult? RxJS is undoubtedly a big shift compared to how we used to write code in Angular.js. At first, it is scary for new people to digest and developers mostly hate things they don’t know. On top of that, at the time...