XSS Prevention Cheatsheet

XSS, or Cross-Site Scripting, is one of the most common vulnerabilities found in applications. In bug bounty programs of different organizations, XSS consistently ranks as the most common vulnerability found. Today, let’s learn how these attacks work, how they manifest in code, and how to prevent them in your programming language. Let’s dive right in!

Anatomy of an XSS attack

XSS happens whenever an attacker can execute malicious scripts on a victim’s browser.

Building an Application With Go and SQLite

Today we're going to learn how to use SQLite with Go. By the time you finish this tutorial, you will be able to easily build CRUD (Create Read Update Delete) applications with Go.

Go is one of the hottest languages in development right now, known for its simple structure and blazing performance. SQLite has been trending among developers for its ability to store small datasets quickly and safely, contained in a single file.

Go Application Vulnerability Cheatsheet

Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, API, and more. With all these components to secure, building a secure application can seem really daunting.

Thankfully, most real-life vulnerabilities share the same root causes. And by studying these common vulnerability types, why they happen, and how to spot them, you can learn to prevent them and secure your application.

Testing Golang With httptest

Go, often referred to as Golang, is a popular programming language built by Google. Its design and structure help you write efficient, reliable, and high-performing programs. Often used for web servers and REST APIs, Go offers the same performance as other low-level languages like C++ while also making sure the language itself is easy to understand with a good development experience.

Go’s httptest package is a useful resource for automating your server testing process to ensure that your web server or REST API works as expected. Automating server testing not only helps you test whether your code works as expected; it also reduces the time spent on testing and is especially useful for regression testing. The httptest package is also useful for testing HTTP clients that make outbound requests to remote servers.

Kong Plugins as Microservices: Writing a Single-Plugin Server for Kong in Go

Many developers and DevOps engineers have been deploying Kong Gateway in front of their microservices-based applications. While the extensive library of built-in plugins can add a lot of flexibility and power to your deployments, you might encounter the occasional use case where you need a custom plugin that’s just not found in the library.

Fortunately, you can use Go to create and run plugins for Kong Gateway. This post will cover how to get set up for writing Kong plugins. We’ll look at the parts of the request/response lifecycle that you can tap into, and we’ll walk through an example of how to put it all together.

Using Render and Go for the First Time

My ability to remember things can drive my wife crazy. Earlier this week, she asked me two questions after I finished telling her a story that I had recalled from my long-term memory: 

  • How do you remember such things? 

Batch Processing in Go

Batching is a common scenario developers come across: splitting a large amount of work into smaller chunks for optimal processing. Seems pretty simple, and it really is. Say we have a long list of items we want to process in some way. A pre-defined number of them can be processed concurrently. I can see two different ways to do it in Go.

The first way is by using plain old slices. This is something most developers have probably done at some point in their careers. Let's take this simple example:

Lancet: A Comprehensive, Efficient, and Reusable Util Function Library of Go

Lancet is a comprehensive, efficient, and reusable util function library of Go, inspired by the Java Apache Commons package and lodash.js.

Features

  • Comprehensive, efficient, and reusable
  • 100+ common Go util functions, supporting string, slice, DateTime, net, and crypt
  • Depends only on the Go standard library
  • Unit tests for every exported function

Installation

go get github.com/duke-git/lancet

Usage

Lancet organizes its code into packages, and you need to import the corresponding package when using it. For example, if you use string-related functions, import the strutil package as below:

Ddosify: High-performance Load Testing Tool

There are over 50 tools and solutions available in the market for performance testing your application and services. Now it is time to check out Ddosify, a high-performance load testing tool that offers free and commercial features to test web applications and services over HTTP(S) and HTTP/2, with support for other protocols on the way. In this blog article, let us deep-dive into the Ddosify tool and see whether it satisfies a typical performance engineer or not.

Before we look at Ddosify, let us try to understand the name of the tool. The name Ddosify contains the term DDoS. DDoS stands for Distributed Denial of Service. Below is the Wikipedia entry for Denial of Service:

Extend Your Golang App With Embedded WebAssembly Functions in WasmEdge

The Go programming language (Golang) is an easy-to-use and secure programming language that compiles into high-performance native applications. It is a very popular choice for writing software infrastructure and frameworks.

A key requirement for software frameworks is the ability for users to extend and customize them with their own code. However, in Golang, adding user-defined functions or extensions to an existing app is not easy. Oftentimes, you need to integrate at the source code level by combining the source code for the framework and the user-defined functions. While it is possible to create dynamic shared modules with Golang, support for shared modules is lacking on ARM-based systems, which are widely used in edge computing. Furthermore, neither source code integration nor dynamic modules provide isolation for the user-defined functions. The extension could interfere with the framework itself, and it is unsafe to integrate user-defined functions from several parties. As the language for "cloud-native", Golang needs a better extension mechanism.

Package Management in Go

Package management is one of the things Go has long lacked. One of the major drawbacks of the previous (pre-1.11) go get was the lack of support for managing dependency versions and enabling reproducible builds. The community developed package managers and tools like Glide, dep, and many others that served as de facto solutions for versioning dependencies.

“I use go get for production builds.” — said no one ever.

Redis Streams in Action (Part 1)

Welcome to this series of blog posts that cover Redis Streams with the help of a practical example. We will use a sample application to make Twitter data available for search and query in real time. RediSearch and Redis Streams serve as the backbone of this solution, which consists of several cooperating components, each of which will be covered in a dedicated blog post.

The code is available in this GitHub repo - https://github.com/abhirockzz/redis-streams-in-action

Transforming TCP Sockets to HTTP With Go

Sometimes, we need to work with legacy applications, and legacy applications can be hard to rewrite and change. Imagine, for example, we have an application that is using raw TCP sockets to communicate with another process. Raw TCP sockets are fast, but they have various problems. For example, all data is sent in plain text over the network and without authentication (if we don’t implement a protocol).

One solution is to use HTTPS connections instead. We can also authenticate those requests with a bearer token in the Authorization header. For example, I’ve created a simple HTTP server with Python and Flask:

Debugging Go Microservices in Kubernetes With VScode

Many organizations adopt cloud native development practices with the dream of shipping features faster. Although the technologies and architectures may change when moving to the cloud, the fact that we all still add the occasional bug to our code remains constant. The snag is that many of your existing local debugging tools and practices can’t be used when everything is running in a container or on the cloud.

Easy and efficient debugging is essential to being a productive engineer, but when you have a large number of microservices running in Kubernetes the approach you take to debugging has to change. For one, you typically can’t run all of your dependent services on your local machine. This then opens up the challenges of remote debugging (and the associated fiddling with debug modes and exposing ports correctly). However, there is another way. And the CNCF Telepresence tool enables this path.

Generate Dependent Drop List in Spreadsheet Using Go Language

Excelize is a library written in pure Go providing a set of functions that allow you to write to and read from XLSX / XLSM / XLTM files. It supports reading and writing spreadsheet documents generated by Microsoft Excel™ 2007 and later, offers high compatibility with complex components, and provides a streaming API for generating or reading data from a worksheet with huge amounts of data. This library needs Go version 1.10 or later.

Create a dependent drop-down list in a spreadsheet with Excelize using Go like this: