The Most Effective SQL Server Activity Monitor Strategy


The most common databases used today are relational or SQL databases, where data is stored in interconnected tables. In turn, you can query those tables using a query language that resembles plain English, Standard Query Language (SQL). To get the most value out of the SQL databases you use as a developer, system administrator, or database administrator, it’s vital that you have visibility into what’s going on via SQL monitoring. That way you can take a deep dive under the hood and routinely check and monitor the database activity.

Server Management Software: 5 Tools to Check Out


Introduction Around 30 years ago, a server was usually a standalone PC or mainframe that provided only one service. Think of a dedicated mainframe for emails, for instance. Things evolved from this to single standalone hardware that provides multiple services (email, http, ftp combined, for example) through virtual machines that can host multiple operating systems running dozens of services, and up to today, where servers are software defined and can run on anything from your washing machine to a drone. What Is Server Management Software? Even in the scenario of a single …

What Exactly Does An Engineering Manager Do? A Candid Look

Introduction Engineering is the department in the organization that actually builds the product that the enterprise sells. In the world of the knowledge worker, employees don’t stand near the assembly line tightening screws. The modern knowledge worker is a software developer who creates products using code. The role of the engineering manager, likewise, doesn’t resemble the work of an overseer or foreman in a factory. This post is about what an engineering manager does and what exactly their role is in the department in particular and in the enterprise in general. Beginnings …

Spring Excessive Data Exposure: Examples and Prevention

An API is essentially a tool to provide an interface for the client with the software—that’s what they do. Some of the API methods modify application state and some return data to the client. Further, some methods can do both. Once we return data to the client, we need to make sure that we return only what’s necessary and don’t expose any sensitive information. This post will cover excessive data exposure in APIs with examples and prevention methods. The examples will be given in the context of the Java Spring framework. REST …

Types of Test Data You Should Use for Your Software Tests

Testing is an integral and vital part of creating software. In fact, test code is as important as your production code. When you create test code, you need to generate test data for your code to work against. This post is about the different types of test data that are used in software testing. I’ll elaborate on each type and explain what test types are used in which scenarios. Types of Test Data Valid Data As the name implies, this is the data that your program expects and should operate on. You …

Spring Broken Object Level Authorization Guide: Examples and Prevention

If a malicious user gains access to functionality that only system administrators should have access to, there can be dire consequences. This post is about a specific type of vulnerability called broken object level authorization, or BOLA. This happens when an attacker gains access to API methods that should be restricted. In addition to talking about what this is, I’ll discuss ways to mitigate this attack in general, and specifically in Java Spring Boot. Broken Object Level Authorization Defined Back-end APIs are basically a set of functions that return answers to requests. …

Spring Broken Authentication Guide: Examples and Prevention

Broken authentication vulnerability was recognized as one of OWASP’s top 10 vulnerabilities. Broken authentication vulnerability essentially is when an attacker gains unsolicited access to restricted data and/or functionality. It can lead to identity theft, data leakage and, in worst-case scenarios, give total control of the compromised system to the attacker. This post will cover broken authentication vulnerability in general and in Java Spring in particular. What Is Broken Authentication Vulnerability? Broken authentication means an attacker can gain access to restricted data by pretending to be a different user. The attacker provides …

Cordova vs. React Native: A Detailed Analysis

Mobile apps have exploded in popularity over recent years. The introduction of the iPhone 3G in 2008 spawned a new industry overnight. App development is now an industry that generates more than $34 billion in revenue. To reach all potential users, developers need to develop applications for (at least) the two leading platforms: Android and iOS. Since the development for the platforms is time-consuming and requires different expertise (Swift/iOS vs. Java/Kotlin), cross-platform solutions were introduced over the years. Among them are Unity, Ionic, Cordova, and React Native. Those solutions ideally allow you to …

How to Conduct a Developer Performance Review

Performance reviews are a common and well-established practice in almost all companies, from startups to large enterprises. In this post, I’ll give my take on how to conduct an effective performance review for developers. I’ll provide general guidelines that apply to any profession. In addition, I’ll provide some tips that apply specifically to conducting performance reviews with developers. What Performance Reviews Do Regardless of the type of company you work for, performance reviews accomplish the following: Setting Up the Stage First things first, both parties should do their homework before conducting the …

Spring XML External Entities (XXE) Guide: Examples and Prevention

XML is a markup language that we use to define and categorize data. Data stored in XML format can move between multiple servers or between a client and a server. Once a server receives an XML input, it parses it via an XML parser. XML external entities are basically references in the XML document to files or URLs outside of the XML document. Essentially, it’s an XML standard feature that enables accessing and/or loading external resources. However, this feature can be dangerous, as it can allow malicious actors to retrieve unauthorized sensitive …