In software development, ensuring the security of API calls through robust authorization and authentication is crucial. Developers must secure their API endpoints to handle the escalating cybersecurity threats prevalent in modern software development. In this blog post, we outline key aspects of OAuth, the de facto standard for authorization, to provide the basic building blocks for writing secure applications for most industries and enterprises that can be the target of malicious cyberattacks.
Imagine you are working on the next feature for your employer's main app and suddenly you notice something terrible: there is a hardcoded secret committed to the remote repository. This is something we must avoid at all costs because anyone with access to that repository can see the secret and potentially use it to access live data or bring the system down.
After some investigation, you notice that the commit that introduced the secret is quite old, and lots of new commits have been added since then.
In today’s world of cloud application development, there has been a push toward distributed computing. Long gone are the days when native applications had all of their business logic locally, or when server systems all lived in the same bare-metal machine. To understand how to build resilient cloud applications, we need to understand the theory behind distributed systems. In this blog post, we are going to dive into the 101 of system design: the CAP Theorem.
There are times when we have secret values to configure in our cloud resources for our system to work properly. For example, we might need to add an API key to a deployed application that communicates with a third-party API, or we have to connect to a SQL Server that only supports traditional user and password authentication. In this blog post we are going to explain how to pass secret values to an Infrastructure as Code pipeline in a secure way using GitHub Actions and Terraform.
Terraform is an open-source CLI tool created by HashiCorp to simplify the task of creating and managing the underlying infrastructure of applications. The idea behind it is to write the desired state of our infrastructure as code in plain-text files. The tool reads these files and updates the real infrastructure on our cloud providers to match what is stated in the files.
This way of working makes managing the infrastructure of our projects very efficient.