Security of users’ passwords is one of the most important aspects of developing your web application. Unfortunately, making a good authentication script that safely stores your data is not a piece of cake. It’s incredibly easy to get it wrong. The best way is not to store passwords at all, but… sometimes you have to. Let’s think about how to make it as safe as possible.
Angular 1 has been a phenomenal success in the world of Single-Page Applications (SPA). This was in part due to its simplicity and easy-to-understand syntax. It was also aided by the fact that it is a Google-backed product, which instills some level of confidence in developers. When the team at Google came up with version two of the popular framework, they decided to change things drastically. Angular 2 takes a very different approach to building single-page applications. Don't let this stop you from diving into it, because Angular 2 is geared towards using some of the best tools in the industry from some of the most brilliant companies. For example, Angular 2 fully supports TypeScript as a first-class citizen. Even though TypeScript is not required to use the framework, I must admit that the framework feels easier and more intuitive when used with TypeScript. In addition to that, you tend to write less code. Also, a lot of the examples and blog posts out there are written in TypeScript, so that alone is a reason to stick to it when just starting out. Another adoption is the new angular-cli, which is based on the already brilliant ember-cli. The command line helps with rapid development and shields you from having to make many small decisions upfront.
In light of that, we will be using TypeScript and the angular-cli to build a conference browsing application.
If you’ve ever used Microsoft Excel to visualize data as charts and graphs, you’ve probably also encountered some frustration with popular spreadsheet software. The strategic use of accessible data visualization is not only common sense but also provides a significant competitive advantage. There are entire startups dedicated to building web applications that create compelling visual representations based on metrics and various KPIs. Big data isn’t only valuable to accountants and C-level executives. Metrics can provide insight into a company’s performance, but they really shine when you add a layer of interactivity as you visualize your data. Thanks to Mike Bostock, developers now have an open-source option for crafting Excel-like data visualizations. We can use D3.js for manipulating documents based on our data and visualizing that same data using SVG, HTML and CSS.
At the core of D3 we have a framework that allows us to associate any object or array of data with elements on a page, binding them together for further manipulation. Update the data and we visually update the object tied to that data within our document, in real time. We can use any number of visualizations to interpret data: display it as a graph, a chart, an eye-catching animated SVG, or as patterns and gradients. These are just the most common examples. Once the data and the object are linked, the possibilities for visualizing them are endless. We’ll cover D3.js version 3, but it has since been updated to 4.0.
Introduction to security auditing
A security audit is the final and the most important step in implementing security defenses. When you build your service, you always have to remember to make it as safe as possible. The bigger it is, the more important its security is. The first step is to run a risk analysis in order to find possible holes and find out what types of attacks you can expect. The second step is to develop a proper policy to defend against them. Finally, you undertake a security audit to check if it really works.
If you need a NoSQL database that works with JSON data, has full support for realtime searching and mixes the SQL and NoSQL paradigms, a good option is RethinkDB.
This is an open-source database in which all JSON data is persisted into tables, as in a conventional SQL database, allowing you to run queries across multiple tables using the classic join command. But you can also persist arrays and sub-documents, as you are used to doing in MongoDB, CouchDB or PostgreSQL.
Besides giving a firsthand glance at new products, tools and innovative ideas, these kinds of events are a really good deal for networking with some of the best professionals and companies in the field and sharing some experiences.
And there are no excuses for those who don’t want to leave their city, state or country to participate: these events may happen in many parts of the world and on many different dates (there might be one happening close to you right now!).
At the root of XSS attacks is a simple premise: the injection of malicious code into your website or web application.
The first line of defence against XSS usually involves sanitizing user input, particularly anything which is later echoed back to the page. Content Security Policy is a subtly different approach to defending against similar types of attack. In this article we’ll look at it in more detail.
Note that CSP is not a replacement for input sanitization, which remains as important as ever. Rather, it complements the best practices you’re already (hopefully!) following.