Month: April 2022

Spring Broken Authentication Guide: Examples and Prevention

Broken authentication is recognized as one of the OWASP Top 10 vulnerabilities. A broken authentication vulnerability essentially exists when an attacker gains unauthorized access to restricted data and/or functionality. It can lead to identity theft, data leakage and, in worst-case scenarios, give the attacker total control of the compromised system. This post will cover broken authentication vulnerabilities in general and in Java Spring in particular. What Is Broken Authentication Vulnerability? Broken authentication means an attacker can gain access to restricted data by pretending to be a different user. The attacker provides …

Cordova vs. React Native: A Detailed Analysis

Mobile apps have exploded in popularity over recent years. The introduction of the iPhone 3G in 2008 spawned a new industry overnight. App development is now an industry that generates more than $34 billion in revenue. To reach all potential users, developers need to develop applications for (at least) the two leading platforms: Android and iOS. Since development for these platforms is time-consuming and requires different expertise (Swift/iOS vs. Java/Kotlin), cross-platform solutions have been introduced over the years, among them Unity, Ionic, Cordova, and React Native. Those solutions ideally allow you to …

How to Conduct a Developer Performance Review

Performance reviews are a common and well-established practice in almost all companies, from startups to large enterprises. In this post, I’ll give my take on how to conduct an effective performance review for developers. I’ll provide general guidelines that apply to any profession. In addition, I’ll provide some tips that apply specifically to conducting performance reviews with developers. What Performance Reviews Do Regardless of the type of company you work for, performance reviews accomplish the following: The employee can give feedback about their general well-being and attitude toward their particular position and …

Spring XML External Entities (XXE) Guide: Examples and Prevention

XML is a markup language that we use to define and categorize data. Data stored in XML format can move between multiple servers or between a client and a server. Once a server receives an XML input, it parses it via an XML parser. XML external entities are basically references in the XML document to files or URLs outside of the XML document. Essentially, it’s an XML standard feature that enables accessing and/or loading external resources. However, this feature can be dangerous, as it can allow malicious actors to retrieve unauthorized sensitive …