OWASP Dependency Check for Vulnerability Reporting

John Hoestje Articles, Development Technologies & Tools, Java, Security, Tutorial Leave a Comment

TL;DR:ย Add OWASP Dependency-Check to your build process to get insight into your dependency vulnerabilities.

Recent major data losses and security vulnerabilities in open source frameworks *(and the applications that use them)* have caused the companies that use those frameworks to have elevated concerns regarding vulnerabilities. The elevated awareness is for good reason, too. After all, no one wants to be the next one to lose sensitive data, be the punching bag of others, or be the example of what *not* to do security-wise.

If you happen to be in a group that doesnโ€™t have any open source vulnerability reporting, OWASP Dependency-Check may be your short-term answer to get at least something in place. Adding OWASP Dependency-Check into your build process takes a relatively low effort. Other than not having the technology that stack Dependency-Check can help you with, there isnโ€™t a reason not to at least add Dependency-Check to give a little insight into your open source dependencies.

The following parts will help you get Dependency-Check integrated into your Java projectโ€™s build process. The instructions will be adaptable to the other technologies Dependency-Check supports, like Gradle or JavaScript. Dependency-Check is also available as a command line tool for your favorite OS. In this example, Iโ€™ll use a Java project with Maven….

Rethinking REST Practices: An Introduction to GraphQL with AWS AppSync

Mat Warger API Development, Articles, AWS, Cloud, Development Technologies & Tools, GraphQL, JavaScript, Programming, REST Leave a Comment

The basic premise of data transfer and involves requesting and receiving lists. This is simplistic, but it gets to the root of why weโ€™ve developed the technologies and best practices to pass data using web services. RESTful APIs have grown to serve the needs of numerous individuals, startups, and enterprise companies across the world. They are useful, productive, and the concepts surrounding them are relatively standardized. If you donโ€™t know how to create one, you can quickly find information building a great API that can grow to fit your needs. Thatโ€™s when things get complicatedโ€ฆ

If you start digging into REST, youโ€™ll realize thereโ€™s quite a bit more to throwing lists. There are common threads that many people encounter when developing an API, and you begin to encounter many of the same questions so many others have before, such as: How strictly should you adhere to the principles of REST? How should you handle versioning? Should you bother? How do you want to structure your objects? Are users able to easily figure out what API endpoints are available and how they should be used?

There are many ways approach these. It boils down to communicating the structures that a given endpoint will return or accept. The cascade of questions that results from the choices made here will ripple through from the back-end to the client. The secondary issue is that these questions and choices are not at all uncommon. There are answers to these that follow Best Practices. But there is still plenty of ambiguity involved when attempting to build a flexible API that works well. These are the Commonly Tolerated Situations.

If you hadnโ€™t already guessed, there is a solution that frees us from the dogma of REST and allows us to solve all these issues in a declarative, powerful, and fun way. That solution is GraphQL. In this blog, Iโ€™ll provide an introduction to the GraphQL specification with code examples…

What’s New in JUnit 5.2

Billy Korando Articles, Development Technologies & Tools, Effective Automated Testing With Spring Series, Java, Testing Leave a Comment

The JUnit team continues to make great progress in adding new features and enhancements to the JUnit 5 framework. We already have a second significant feature update after just seven months from the initial release of JUnit 5.

In this article, we look at some of the key features and enhancements added in JUnit 5.2 which was released on April 29th. We’ll focus on build tool enhancements that help in the adoption/migration to JUnit 5 for existing test suites and resolve annoyances, as well as what new changes further improve parameterized tests.

Why Am I Writing This Test?

Billy Korando Articles, Development Technologies & Tools, Effective Automated Testing With Spring Series, Testing Leave a Comment

… The highlight of this episode for me was when Dan laid out the three major concerns of automated tests. I hadn’t previously heard all the major purposes for automated testing laid out in such a succinct fashion. They are paraphrased:

Using Tests to Specify the Requirements of the System
Using Tests to Document the System
Using Tests to Build Confidence in the System

With purpose in mind, it is good practice for both developers and automated testers to ask themselves the following questions when writing a test:ย Why am I writing this test?ย Am I specifying system requirements?ย Documenting system behavior?ย Building confidence in the system?ย I’m a firm believer that asking the right questions when writing tests can lead to a better design for individual tests, in addition to more coherent and effective automated test suites.

In this article, we look into the three major purposes for writing automated unit tests. We discuss how they should be approached and what developers and automated testers can do right now toย establish better, more purposeful, practices.ย 

Cucumber Testing in Spring Batch

Dallas Monson Articles, Development Technologies & Tools, Spring, Spring Batch, Testing 3 Comments

With the evolution of microservices and the scalable nature of modern distributed architectures, batch processing seems to be falling out of favor. In fact, the term batch processing itself seems to be unfavorably associated with monolithic mainframe applications and thus does not seem to have much appeal.

Unless, of course, you are working on a project that is being designed to replace or modernize one of those mainframe applications. If that is the case, then likely some sort of batch process has come up with a non-functional requirement that needs to be dealt with in the new system.

For this specific concern, a very powerful framework has been provided: Spring Batch. It has many of the same features of a mainframe batch process like restart/recovery, chunk processing, and error handling along with exit codes. This framework allows developers to create powerful batch processing applications in the Spring Framework and enjoy the rich backplane of capabilities that this provides.

Continuing with the modernization thread, you will likely be tasked with providing some assurances to the business that the new, modernized process will produce the same outcome as the one that is being replaced. Here is where testing comes in, and where Cucumber specifically shines.

Cucumber provides behavioral testing support in the Spring universe. This allows developers and business users to collaborate through a common set of conventions and verbiage to validate that the app is behaving how the business intended as well as how the developer coded it.

In this post we will cover the following:
Why use Cucumber with Spring Batch
An overview of Cucumber and an example Cucumber Test
How to start with Cucumber and Spring Batch…