5 Reasons Why Technologists are Optimistic About Full-Stack Observability

The world has become more app-centric, increasing the demand for always-on, seamless, and secure digital experiences. As a result, organizations in all sectors ramped up their efforts to achieve full-stack observability to bring together disconnected tools and generate unified visibility across their IT environment.

A recent report from Cisco AppDynamics, "The Journey to Observability," reveals the transition to full-stack observability is now a priority for 90% of organizations around the world.

12 Useful JavaScript Newsletters

As any software developer knows, it's vital that you keep learning to improve your game and stay on top of things. This is especially important in the JavaScript ecosystem, where things keep evolving quickly, especially with all the awesome frameworks we have today.

One of the simplest ways to do this is by subscribing to useful JavaScript newsletters and getting updates and tutorials straight into your inbox. In this post, let's look at 12 of the best ones.

Why Do We Encourage Poor Coding Patterns?

For what feels like an eternity at this point, we’ve discussed “shifting left” in the SDLC, taking into account security best practices from the start of software development. DevSecOps was a great leap forward, in no small part because of the emphasis on shared responsibility for security, and the power of a security-aware developer to thwart common vulnerabilities as they write code. 

We have also known — again, for eons — that the type of secure code training chosen to engage and upskill developers makes all the difference. Low-effort solutions motivated solely by regulatory compliance do not build up the bright security minds of the future, and most security awareness professionals have worked that out. Dynamic, contextually relevant learning is best, but it’s critical that the nuances within are understood. 

‘Tis the Season to Give Teams What They Need

With another holiday season and a new year ahead, it’s time for organizations to reflect on the past year of explosive digital transformation and plan for new technologies and challenges on the horizon. It’s also a good time for technologists and team leaders to consider how they might better understand the different types of people within their IT organization and what can be done to break down the silos that often exist between developers, security, and operations teams.  

Enterprise teams involved in application development and deployment include many different personalities, but understanding what they as teams and individuals have gone through during the pandemic helps foster understanding and leads to better collaboration. Here’s what leaders can do to help each team reach its full professional potential.

Bouncy Castle and the Impact of Cryptographic Vulnerabilities

In December 2020, a vulnerability in the Bouncy Castle cryptographic library was publicly revealed. This vulnerability was discovered in October and fixed in November 2020. However, the nature of supply chain vulnerabilities means that many organizations remain vulnerable months later.

Inside the Bouncy Castle Vulnerability

The Bouncy Castle vulnerability was a flaw in the implementation of the OpenBSDBcrypt.doCheckPassword() function. The purpose of this function is to compare the hash of a password submitted during user authentication with a hash stored by the system. If these hashes match, then the user authenticates successfully.

3 Common Encryption Mistakes That Are Easy to Avoid

At Ubiq Security we focus on data security and making it easier for developers to incorporate encryption into their applications.  As part of our work, we spend time on Slack, Stack Overflow, Reddit, etc. and we see several common mistakes that can cause security vulnerabilities that are easy to resolve.  While we don’t think any developer wants to make an insecure product, it is easy to understand how developers not experienced in data security might not realize the impact of grabbing some sample code from the Internet and incorporating it into their application.  I often say that writing programs incorporating encryption or data security is not like other software development.  Just because an application runs, doesn’t mean you are done or that your application is secure.

Common Mistake 1: Inadvertently Reducing the Range of A Hashed Value

I have lost count of how many times I have seen someone use sha256 thinking they are creating a 256-bit value stored in 32 bytes when they are actually creating a 128-bit value stored in 32 bytes.

5 Ways To Implement Cryptography in Java

Introduction

Cryptographic functionality is essential to a massive number of applications.  As data protection regulations mandate how certain types of data should be protected, developers are increasingly required to build cryptography into their code. Java is currently one of the most popular programming languages used across a wide range of applications including Minecraft and Hadoop, so it’s important that developers know what to consider when implementing cryptography correctly.

However, cryptography can be complicated, and most developers are not secretly cryptographers on the side.  Requiring developers to jump through hoops and blindly make crucial decisions is not a good or safe way to implement core security functionality.

Why Developer-first IAM, and Why Okta’s Auth0 Acquisition Matters

In the article The Next TCP/IP Moment in Identity, I discussed why enterprises will demand developer-first IAM. As every company is becoming a software company and starting to build its competitive advantage on the software it builds, developer-first IAM will free developers from the inherent complexities of identity integrations.

Yesterday came the announcement of Okta's intention to acquire Auth0 for $6.5B, which is probably 40 times Auth0's current revenue and a true validation of the push towards developer-first IAM. However, this is not Okta's first effort towards developer-first IAM. In 2017, Okta acquired Stormpath, a company that built tools to help developers integrate login with their apps. Stormpath soon got absorbed into the Okta platform, yet Okta's selling strategy didn't change. It was always top-down.

What Mac App Developers Can Expect In 2021

Every year since 2016, when I started working on Setapp — a platform now offering over 200 top Mac apps in a single subscription — we’ve conducted a comprehensive survey of Mac developers around the world to improve market perception and monitor emerging trends.

The Mac Developers Survey of 2020 continued this tradition, with a few adjustments to get at the unique ways such an unprecedented year affected the community. 

Game Development Trends To Look for in 2021

2020 was a great motivation and, at the same time, a universal delayer when it came to game app development companies. On the one hand, the restrictive measures, the lack of proper delivery systems, and the challenges of self-isolation made game developers think creatively to develop new strategies, reconsider game development balance, and change the primary direction of the gaming sector. On the other hand, the industry lost its revenue, and the analytics have yet to calculate how much the actual income differs from the projections.

Nonetheless, last year brought about many new trends that are likely to persist in the industry for quite a while. Thus, some aspects, such as virtual reality and augmented reality, have acquired a new role, while the socialization of game app development is expected to become one of the top priorities in the short run. Read on to learn about the prevailing trends in the gaming domain and keep your game app development company on track with world leaders.

Best Tips to Manage Your Remote Software Development Teams

For a few years now, remote software development has been quite the trend and a favorite. A remote software development team usually consists of designers, product engineers, scrum masters, developers, and product managers. Each of them works individually on the project, and together their work results in the product's delivery.

Generally, in outsourcing, the remote software development company concerned will have dedicated managers overseeing the projects. But since the outbreak of the dreaded pandemic, things have been changing. Due to work from home, remote teams operate from different locations. For business owners, ensuring the management of these teams is a tedious task. If you happen to be outsourcing your product development or hiring a remote team to design, develop, and deliver projects, here are a few of the coolest tips to help you manage them.

20 Questions From New Scrum Master to the Development Team

TL;DR: 20 Questions from New Scrum Master to the Development Team

From Scrum Master to Development Team members, this set of questions addresses the foundations of a Scrum Team's capability to build valuable products: technical excellence and what it takes to achieve this proficiency level. The questions have been modeled after some basic principles that high performing teams have in common—from keeping technical debt at bay to collaboratively creating a Product Backlog.

The Essential Role of the Development Team for the Success of the Scrum Team

No matter whether you picked Scrum for the right purpose—building emergent products in the complex domain—whether your Product Backlog is actionable 24/7, or whether your Scrum Team is entirely self-organizing: if your technological basis is drowning in technical debt, and the Development Team lacks technical skills, you cannot be successful as a Scrum Team. Therefore, as the new Scrum Master, you need to immediately determine the Development Team’s state of affairs.

Ultimate Tutorial about Microsoft Graph APIs

What is Microsoft Graph?

In this article, we’ll talk about Microsoft Graph APIs and show you a quick preview of the essential features. This technology is growing so fast that some existing features may no longer be available at the time of reading, and new features will surely be added after the time of writing.

Microsoft Graph API – formerly known as Office 365 unified API – is the new service-oriented architecture owned by Microsoft to allow developers to access a vast amount of data from the Microsoft cloud platforms. Microsoft web API is essentially designed to collaborate with Office 365 and some other services hosted on the MS Azure cloud platform.

Building a Mission-Critical Open Source Java Platform – The Web Layer

Currently the Java platform is one of the most consolidated in the world; much of this is due to the platform's ability to support other languages such as Kotlin, Groovy, and Scala. Thousands of web and mobile applications are developed using the platform as a base. The Java platform has changed a lot in recent years and will probably keep evolving.

In parallel with these changes, we see the evolution of application servers, which increasingly offer highly complex features such as load balancing components, smart asynchronous messaging, transaction control, and many other technologies that facilitate application development and standardization. They also provide a stable and scalable infrastructure for mission-critical applications. One of the biggest challenges for application servers is to couple highly complex services while keeping them stable and flexible.

Why App Developers Need to Adapt CIAM Today More Than Ever

As B2C companies look to offer an elevated user experience across all touchpoints, app developers are increasingly turning to customer identity and access management (CIAM) solutions that can help protect customer data and enhance the customer experience.

Customers have become increasingly receptive to new technologies and are using a wide array of digital solutions such as smartphones, wearable devices, virtual reality (VR), and Internet of Things-enabled systems in their daily lives. These digital solutions have made the execution of tasks easier and faster, bringing about a major change in customers’ behavior – i.e. the need for instant gratification of their demands.