Security Best Practices for ReactJS in Web App Development

In today's digital age, web applications have become an integral part of our lives. From online banking to social media and e-commerce, we rely on web apps for a multitude of tasks. With the increasing complexity and sophistication of web applications, security has become a paramount concern for developers, businesses, and users alike. One of the most popular frontend libraries used for building web applications is ReactJS. However, like any other technology, ReactJS is not immune to security vulnerabilities. In this comprehensive guide, we will explore the best security practices for ReactJS in web app development, ensuring that your applications are robust and resilient against potential threats.

Understanding ReactJS

Before diving into the security best practices, let's briefly understand what ReactJS is and why it's so popular for web development.

BSides SLC: Community, Fun, and Security Best Practices in Salt Lake City

With 2022 coming to a close, there was one last conference for the year, which happened in the snowy cold of Salt Lake City on December 16th. This event brought together security experts from multiple backgrounds, developers working to bring better security practices into their work, as well as students who were just starting down the path into InfoSec. No matter what skill level or area of security you focused on, there was something for everyone at BSidesSLC.

What Are BSides?

There are a lot of security conferences out there, but BSides stands out as unique. Rather than just a collection of talks, BSides is a community-led event that features hands-on labs, workshops, and collaboration, as well as industry experts presenting on a wide variety of cybersecurity topics.

Why Assessing Security Risk in Compute Lifecycle Development Should Be a Community Effort

Supply chain risks continue to be a major concern for manufacturers, and the organizations and customers they serve. According to recent research, software supply chain attacks are up 650 percent in the past year alone and ENISA expects these types of attacks to quadruple by the end of 2021. 

But assessing supply chain risks can be a complex task for product teams, and when it is not done properly, it can have devastating impacts. Just look at the SolarWinds attack and the recent blog from Microsoft showing that the group behind that attack, Nobelium, has since targeted 140 additional resellers and service providers.

API Security Beginner’s Guide

Historical API Evolution

According to the documented history, web APIs emerged toward the end of 1990 with the launch of Salesforce's sales automation solution. At that point in time, it was an open resource, available to everyone.

Salesforce's automation tool was XML-driven, and the format it used for interchanging data later became recognized as the standard SOAP API. It featured message format specifications and encoding-specific rules for allowing or disallowing requests.

Tune the Need for Speed With Quality and Security Through Continuous Testing Practice in DevSecOps

The Need for Speed With Quality

The slow speed of feedback to the dev team through the results of manual tests decreases productivity significantly. Re-executing manual tests in every iteration of the SDLC is not a sustainable pattern in today's world. There is never enough time, and adding more personnel to execute manual regression tests leads to diminishing returns. Test effectiveness is a critical aspect of keeping up with faster-paced development life cycles so that sufficient quality of the system can be ensured and time and money can be saved. To achieve better test effectiveness, we need to think differently as adoption of agile and DevOps practices increases. We need to have automation in all layers of the test pyramid. This includes unit tests, component tests/service tests, and UI tests.

Finding the Right Set of Tests

The number of new features, and therefore the number of tests, increases significantly after a few iterations in almost all agile teams. The only way to keep up with the needed regression testing is to automate the right set of tests to ensure the change hasn’t impacted existing functionality. Realistically, we can’t test everything, and we can’t automate all our tests. So, we need to find the right balance. To accomplish this balance, mature DevOps teams use a combination of test automation and manual exploratory testing, both running in a continuous pattern.

5 Security Measures For Open Source Based Apps

More and more app development teams are utilizing an Open Source base model, with the majority of developers now turning away from custom code.

And with good reason. Open source allows faster development, more innovation, and lower costs.

JavaScript and Node.js Security: The Common Pitfalls [Video]

JavaScript and Node.js have shown themselves to be amazing platforms. Their sheer ease of use has empowered an entire community of creative individuals to build amazing things. As in all cases, however, amongst the goodness lurk some risks. Nobody's perfect, including Node.js and JavaScript, and a language's strength can quickly translate into its vulnerability if looked at through an evil (or paranoid) lens.

We created a cheat sheet on 10 npm Security Best Practices, which we encourage you to follow; there you will find npm security and productivity tips for both open source maintainers and developers.