devpractices

Things you should never do

There is always a temptation to code from scratch rather than improve existing code because you may get a lot of excitement in building something grand. It is also harder to read code than to write it.…

scaling software

Seven deadly sins of a software project

“Maintainability is the most valuable virtue of modern software development.” Do these seven things to make maintainable software.…

devpractices

When DRY fails

DRY (Don’t Repeat Yourself) is about avoiding duplication of effort when writing the code. It also makes sure that when a bug is found it’s fixed across the board. Like many other principles, this one doesn’t work all the time.…

mongodb

Security best practices for MongoDB

Configure Transport Layer Security to encrypt all traffic to and from the database. Use at-rest encryption to protect the contents of the DB in the event that someone is able to copy the database files (in a backup, for instance) or the server image.…

api

Ways to hack an API and how to defend

Use base-level encryption to allow functionality to operate as expected but obscure relationships between data to defend against reverse engineering. To defend against spoofing you can encrypt all traffic in transit.…

security

Top 5 cybersecurity predictions for 2020

Credential stuffing, where hackers steal login credentials from one site and use the same credentials to break into a user’s accounts on other sites, will continue to be an easy attack.…

performance engineering

Want to debug latency?

Latency is a critical measure to determine whether our systems are running normally or not. There are many collections libraries available that help you collect latency metrics.…

security

Production secret management at Airbnb

Airbnb built an internal tool, Bagpiper, which is a collection of tools and framework components that it uses for the management of production secret assets. They designed it to decouple secret management from other app configurations as Airbnb scaled, and to ensure a least-privileged access pattern…

serverless

4 serverless myths to understand before getting started with AWS

One myth is that serverless implies Functions as a Service (FaaS). Cloud services are serverless if no servers are exposed for you to administer, if they scale automatically, and if you pay only for what you use.…

serverless

Tips & tricks for developing a serverless cloud app

Focus on limiting the scope of your functions. Protect your code from malfunctioning by setting up a queue or buffering requests.…