Time management has long been the linchpin of operational efficiency. TED's holistic approach offers transparent time management, efficient budget control, integrated customer feedback, and even an understanding of team motivation.
Try now: https://t.co/eLmquP4uZk
TDD is programming hygiene. It keeps the code orderly while supporting incremental and iterative development with continuous integration. https://t.co/aFol0jXLoV
We’ve started deploying changes to Amazon S3 to make unauthorized requests with certain error codes which were not initiated by you to be free of charge. This change covers a range of HTTP 3xx/4xx status codes. It will take a few weeks for the roll out to complete in all #AWS Regions.
For more details check out https://t.co/BHaACMP4Fx
Unlock the Power of your team - Why tracking time, skills and health at the same time matters - for employees, projects and your business. https://t.co/pgOJV92AyQ
𝗢𝗪𝗔𝗦𝗣 𝗧𝗼𝗽 𝟭𝟬 𝗔𝗣𝗜 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗶𝘀𝗸𝘀
Here is the list of the top 10 API security risks in 2023.
𝟭. 𝗕𝗿𝗼𝗸𝗲𝗻 𝗢𝗯𝗷𝗲𝗰𝘁 𝗟𝗲𝘃𝗲𝗹 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘇𝗮𝘁𝗶𝗼𝗻 - APIs tend to expose endpoints that handle object identifiers, creating a broad attack surface of Object Level Access Control issues.
𝟮. 𝗕𝗿𝗼𝗸𝗲𝗻 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 - Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or exploit implementation flaws to temporarily or permanently assume other users' identities.
𝟯. 𝗕𝗿𝗼𝗸𝗲𝗻 𝗢𝗯𝗷𝗲𝗰𝘁 𝗣𝗿𝗼𝗽𝗲𝗿𝘁𝘆 𝗟𝗲𝘃𝗲𝗹 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘇𝗮𝘁𝗶𝗼𝗻 - The lack of or improper authorization validation at the object property level.
𝟰. 𝗨𝗻𝗿𝗲𝘀𝘁𝗿𝗶𝗰𝘁𝗲𝗱 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲 𝗖𝗼𝗻𝘀𝘂𝗺𝗽𝘁𝗶𝗼𝗻 - Satisfying API requests require network bandwidth, CPU, memory, and storage resources.
𝟱. 𝗕𝗿𝗼𝗸𝗲𝗻 𝗙𝘂𝗻𝗰𝘁𝗶𝗼𝗻 𝗟𝗲𝘃𝗲𝗹 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘇𝗮𝘁𝗶𝗼𝗻 - Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular functions, tend to lead to authorization flaws.
𝟲. 𝗨𝗻𝗿𝗲𝘀𝘁𝗿𝗶𝗰𝘁𝗲𝗱 𝗔𝗰𝗰𝗲𝘀𝘀 𝘁𝗼 𝗦𝗲𝗻𝘀𝗶𝘁𝗶𝘃𝗲 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗙𝗹𝗼𝘄𝘀 - APIs vulnerable to this risk expose a business flow - such as posting a comment - without compensating for how the functionality could harm the business if used excessively in an automated manner.
𝟳. 𝗦𝗲𝗿𝘃𝗲𝗿 𝗦𝗶𝗱𝗲 𝗥𝗲𝗾𝘂𝗲𝘀𝘁 𝗙𝗼𝗿𝗴𝗲𝗿𝘆 - Can occur when an API fetches a remote resource without validating the user-supplied URI.
𝟴. 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗶𝘀𝗰𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗮𝘁𝗶𝗼𝗻 - APIs and the systems supporting them typically contain complex configurations, meant to make the APIs more customizable.
𝟵. 𝗜𝗺𝗽𝗿𝗼𝗽𝗲𝗿 𝗜𝗻𝘃𝗲𝗻𝘁𝗼𝗿𝘆 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 - APIs expose more endpoints than traditional web applications, making proper and updated documentation necessary.
𝟭𝟬. 𝗨𝗻𝘀𝗮𝗳𝗲 𝗖𝗼𝗻𝘀𝘂𝗺𝗽𝘁𝗶𝗼𝗻 𝗼𝗳 𝗔𝗣𝗜𝘀 - Developers tend to trust data received from third-party APIs more than user input and adopt weaker security standards.
Check the details in the comments.
_______
If you like my posts, please follow me, @milan_milanovic, and hit the 🔔 on my profile to get a notification for all my new posts.
Grow with me 🚀!
#technology #softwareengineering #programming #techworldwithmilan #api
How do services communicate with each other?
This is an important decision when designing the implementation of any multi-service architecture.
Here’s a quick guide to the most commonly used techniques, use it as a starting point for your decision:
gRPC is an open-source remote procedure call framework developed by Google. It uses Protocol Buffers to define service and message types which make data compact and efficient to transmit and store. It supports bi-directional streaming and offers flow control features.
WebSockets provide a full-duplex channel over a TCP connection. They allow both the client and server to send messages to each other at the same time. WebSockets require an open connection which is more resource-intensive than stateless options.
RESTful APIs provide an interface for services to communicate with each other. It uses the standard HTTP methods GET, POST, PATCH, and DELETE. It is stateless in nature which means requests must contain all the information required to process it.
GraphQL is another API-based approach. It is a data query and manipulation language that provides a way to consolidate APIs so that services can communicate via a single API endpoint. This simplifies communication with a consistent and unified interface.
In an event-driven approach, services respond to changes in state (referred to as an event). Services send events to a message broker or an event bus which forwards the event to relevant services. This promotes loose coupling, allows services to scale independently, and improves resilience.
A service mesh adds an infrastructure layer to each service. It adds a network proxy (called a sidecar) where network traffic is routed through. Because it does this to each individual service, features such as authentication and load balancing can be done on a very granular level.
Choosing the right approach for a system can be challenging, given the many options available and their varying use cases. Understanding your system’s requirements is essential, and often the best approach requires a mix of the options above to accommodate for different components in your system.
Hey @AWSSupport, in a workload we need ACM to request and renew certs from an ACM-PCA in short-lived mode. We receive 'ACM does not support Private CA short-lived mode.' as an error. Pls advise. Thanks #aws#cloud
Die Unternehmerverbände @stadtdortmund haben uns eingeladen: Am 24.1. zeigen wir, wie mit #TEDtime Teams entlastet, #Produktivität gesteigert, #Fluktuation verringert und auch eine mögliche Dokumentationspflicht der #Arbeitszeit umgesetzt werden kann. https://t.co/4GubvRoGjy
There are people who insist that estimates, deadlines, and tactical goals are essential.
There are people who insist that delighting the customer with things they'll actually want to buy is essential.
There is no overlap between these groups.
We've fixed an issue preventing the https://t.co/OqOumFkYVi share website from being displayed. This was caused by a network component upgrade with different security configuration.
5. Generated Photos
Unique, worry-free model photos.
Enhance your creative works with photos generated completely by AI.
Find model images through our sorted and tagged app, or integrate images via API.
🔗 https://t.co/DBKHJM9rjz