OWASP Dependency Check for Vulnerability Reporting

John Hoestje. Categories: Java, Security, Technology Snapshot, Tutorial

TL;DR: Add OWASP Dependency-Check to your build process to get insight into your dependency vulnerabilities.

Recent major data losses and security vulnerabilities in open source frameworks *(and the applications that use them)* have caused the companies that use those frameworks to have elevated concerns regarding vulnerabilities. The elevated awareness is for good reason, too. After all, no one wants to be the next one to lose sensitive data, be the punching bag of others, or be the example of what *not* to do security-wise.

If you happen to be in a group that doesn’t have any open source vulnerability reporting, OWASP Dependency-Check may be your short-term answer to get at least something in place. Adding OWASP Dependency-Check to your build process takes relatively low effort. Unless your technology stack is one Dependency-Check cannot scan, there isn’t a reason not to at least add it and gain some insight into the known vulnerabilities (published CVEs) in your open source dependencies.

The following parts will help you get Dependency-Check integrated into your Java project’s build process. The instructions are adaptable to the other build tools and ecosystems Dependency-Check supports, such as Gradle or JavaScript projects. Dependency-Check is also available as a command line tool for your favorite OS. In this example, I’ll use a Java project with Maven…
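As an added example (not code from the original post or from the Dependency-Check project), this is the shape of the Maven plugin wiring the post describes: the plugin runs during the normal build, writes a report, and fails the build when a dependency carries a CVE at or above a chosen CVSS score. The version string and the suppression file name are placeholders to replace with your own.

```xml
<!-- Added example: OWASP Dependency-Check Maven plugin bound to the build.
     Not taken from the original post. The version and the suppression file
     name are placeholders; substitute a current release and your own file. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>REPLACE_WITH_CURRENT_RELEASE</version>
      <configuration>
        <!-- Fail the build if any dependency has a CVE with CVSS >= 7 (High).
             Without this setting the plugin only reports and never breaks the build. -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- ALL writes the HTML report for people and the JSON/XML reports
             for tooling into target/. -->
        <format>ALL</format>
        <!-- Reviewed false positives go in a versioned suppression file
             so the exception is visible in code review, not hidden in a flag. -->
        <suppressionFiles>
          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- The check goal binds to the verify phase by default. -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Run it with `mvn verify`. The first run downloads the NVD data set and is slow; later runs update incrementally, and current releases fetch that data through the NVD API and expect an API key (the plugin’s `nvdApiKey` parameter), so plan for that in CI. Start with a threshold that your current build can pass, then lower it as findings are fixed or formally suppressed.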



Rethinking REST Practices: An Introduction to GraphQL with AWS AppSync

Mat Warger. Categories: Amazon Web Services, AWS, JavaScript, Programming, Technology Snapshot

The basic premise of data transfer involves requesting and receiving lists. This is simplistic, but it gets to the root of why we’ve developed the technologies and best practices to pass data using web services. RESTful APIs have grown to serve the needs of numerous individuals, startups, and enterprise companies across the world. They are useful, productive, and the concepts surrounding them are relatively standardized. If you don’t know how to create one, you can quickly find information on building a great API that can grow to fit your needs. That’s when things get complicated…

If you start digging into REST, you’ll realize there’s quite a bit more to it than passing lists around. There are common threads that many people encounter when developing an API, and you begin to run into the same questions so many others have before, such as: How strictly should you adhere to the principles of REST? How should you handle versioning? Should you bother? How do you want to structure your objects? Are users able to easily figure out what API endpoints are available and how they should be used?

There are many ways to approach these. It boils down to communicating the structures that a given endpoint will return or accept. The cascade of questions that results from the choices made here will ripple through from the back-end to the client. The secondary issue is that these questions and choices are not at all uncommon. There are answers to them that follow Best Practices. But there is still plenty of ambiguity involved when attempting to build a flexible API that works well. These are the Commonly Tolerated Situations.

If you hadn’t already guessed, there is a solution that frees us from the dogma of REST and allows us to solve all these issues in a declarative, powerful, and fun way. That solution is GraphQL. In this blog, I’ll provide an introduction to the GraphQL specification with code examples…



Taking on the Azure Developer Certification (70-532) Exam

Vince Pendergrass. Categories: .NET, Azure, Opinion, Service Fabric (6 comments)

Many of the companies that we work with use various cloud providers (such as Google, Amazon and Microsoft) for IT Service Delivery. This has created a great need for those who assist these companies to possess the technical skills required for proper and effective implementation of such services.

An excellent way to make yourself stand apart from the crowd in this space (and your company for that matter), is to obtain a developer/architect certification, such as the Microsoft Azure Developer Certification. Plus, if your company is focusing on becoming a Microsoft partner, it may be necessary to have a few developers on your team spend some time working to become certified. Fortunately, my awesome company Keyhole Software presented me with this opportunity.

In this blog, I share what I did to prepare for the Azure developer certification, specifically the 70-532 Developing Microsoft Azure Solutions Certification exam. I’ll include a couple of prep tools that helped me significantly, as well as a few unexpected “gotchas” I encountered when taking the exam…




Technical Debt – Observe, React, Prevent

Keith Shakib. Categories: Consulting, Opinion, Soft Skills

The term “technical debt” was coined over a decade ago to help highlight a common problem in software development. Generally you can think of technical debt like this:

The cost of additional rework created by choosing an easy, shortcut solution now instead of the better approach that would take longer.

Delivering software that is riddled with technical debt in order to meet deadlines or functional goals is like buying items before you can afford them. Both practices can drastically affect your ability to reach your future goals, both long term and short term.

This article is a gentle reminder to recognize, fix, and avoid technical debt in your software projects.




Core ML After Dark

Derek Andre. Categories: Machine Learning, Mobile, Technology Snapshot, Tutorial

So you’ve made this great social media app, and you are about to sit back and wait for the money to roll in. But, there is a problem: people keep trying to upload nude photos to it.

What if we could have a trained machine learning model that could detect not safe for work (NSFW) content and do it on an iOS device, before any image is uploaded to a server?

Developing this trained machine learning model is way out of scope for this blog post. Luckily, the good people at Yahoo have already done this with their open-sourced trained Caffe models. The question now is, how can we use this on an iOS device?

In this post: The sultry side of your iPhone can collide with acceptable use policies. We introduce a machine learning solution that can help your application decide what is truly too hot for the internet using Core ML on iOS…