Steven Melanson

@steven-melanson

Joined on Dec 17, 2020

  • Introduction Many people in the IT industry do not usually think from an end-user's perspective when they come up with something new. Obviously, with the domain knowledge that they have got, sometimes it gets challenging to train users, make them understand metaphors, and, more importantly, change their point-of-view. All of this occurs because the difference in opinions between developers and users grows day by day. For that reason, testing bridges the gap between them and provides successful implementation and deployment of a product. This article will specifically focus on User-Interface Testing and how it impacts the overall delivery of an application. Front-End Testing
  • A lot of things have changed as a result of the COVID-19 pandemic. Due to it, the IT business has had to move at a very quick rate, and now it is common for people to work from home. Now, more than ever before, businesses are working to put into place a variety of security policies and procedures that will ensure the complete safety of their organization's assets. A strategic approach in cybersecurity known as "Zero Trust" protects a business by removing all forms of implicit confidence and continuously validating each stage of a digital connection. This method is designed to keep hackers out. To put it another way, the idea behind this is that you should never believe anything without first checking it out: "Never Trust, Always Verify." Utilizing robust authentication and authorization procedures at each level enables the organization to safeguard modern and evolving environments while also facilitating digital transformation. This is one of zero trust's primary purposes. It protects the network in multiple ways, including by segmenting the network, blocking lateral movement, offering Layer 7 threat prevention, and simplifying granular "least access" regulations. Traditional security models that are used today are based on the antiquated assumption that everything contained within an organization's network ought to be implicitly trusted. Because of this implicit trust, once users are connected to the network, they have complete freedom to move laterally and access or exfiltrate critical data. There are no granular security measures to prevent them from doing so. The flaws discovered in this system led to the development of the Zero Trust model. Is the Zero Trust Architecture Really Necessary?
  • During the project planning phase, one usually lists all the functional and non-functional requirements along with other parameters. If your application is going to handle a range of different tasks, it is often preferred to use dependencies that serve the purpose and fine-tune them as per your requirements. For instance, consider you're building a coding platform. So what are the components that make up a code editor? (Note that we are talking about the layout and the frontend functioning only, and not considering the complete infrastructure.) The minimum requirements to build a coding platform are as follows: code editor; preview/output window; file structure.
  • Building and shipping a scalable application includes the sweat & tears of multiple teams. However, the core engineering work boils down to a bunch of developers. The product needs to be built well before it is marketed. So, the foremost factor in building a great product is bringing the best out of the developers. While user experience (UX) has been the buzz of the tech world for quite some time now, developer experience is the new talk of the town. The productivity of developers is always directly related to building a performant and efficient piece of software. Improving Developer Productivity with Developer Experience Put abstractly, everything that removes verbosity from the development cycle directly or indirectly contributes to better productivity.
  • Kubernetes security has come a long way since the start of the project. Started by Google in 2014, it has since become a widely popular open source container orchestration system. While this tool has evolved a lot in these 8 years, there are still certain problems that we need to work through on our own. In this article, we will learn how to protect our Kubernetes pods and clusters and discuss some of the Kubernetes security best practices. 1. Enable RBAC Role-based access control (RBAC) is one of the best security practices in Kubernetes, allowing administrators to grant and limit access to certain users and groups, and specify who can and cannot do what on the Kubernetes cluster. To set RBAC permissions for Kubernetes resources, we must define a Role for a namespaced resource and a ClusterRole for a non-namespaced resource. RBAC adds an extra layer of security by allowing administrators to create administrative rules, give or take permissions, provide access to users, and create role bindings and cluster role bindings.
  • Consumers focus on functionality, not underlying security. But on analyzing the damage caused by previous data breaches and hacks, it is easy to see that security flaws can be more catastrophic than errors in functionality, having a direct impact on both customers and sellers. Keeping an application secure and up to date each time you do a deployment can be overwhelming, especially if you have daily or even weekly release cycles. Then how can you ensure the integrity of the delivered application without putting an excessive burden on the budget or cutting spending on required functionalities? One effective solution is to integrate application security testing into the software development lifecycle and have it run automatically for each deployment. What is DevSecOps? In the past, application security was isolated from the rest of the development lifecycle and was assigned to a specific team that tested the application's security at the final stage before it was released or updated. This was not a problem back in the days when development cycles lasted several months. But this is not how software development works these days.
  • If you are in the tech ecosystem, 'bugs' are undoubtedly the bane of your existence. An experienced developer knows that they come up in the application building lifecycle of every mobile application. They are impossible to avoid, and yet they have to be weeded out. One way to pre-emptively find and remove bugs before they are found and reported by end-users is through mobile device testing. Mobile testing is the exercise of checking application software that has been built for cell phones to test its functioning and usability. In this article, we will discuss bugs and the role mobile testing can play in getting rid of them. What is a Bug?
  • Writing secure web applications is something that everyone wants. For this, developers use the best practices for implementing different sensitive techniques, like a login system or a DoS protection, and sometimes they even test the application themselves to see if they can hack something. The security of the code you write is 100% in your hands, and you have total control over it. But what about all the open-source code you integrated via different libraries or modules? No one expects to reinvent the wheel and write everything from the ground up, but how do you maintain your application's overall stability if there are parts you can't control? This is where open source security measures come in. Here are the principles and advice I followed. Security-First Culture Most of the time, developers choose the open-source components based on their functionality and ease of use. While this is good for your development process, these are not the first things you should consider when creating secure software.
  • As a developer, your primary goal is to deliver software that meets business requirements. However, given the current cyber security landscape, merely ensuring that your application works as intended is not enough. You also need to ensure that your application does not accidentally leak secrets or expose user PII. It is your responsibility as a developer to write code that prevents hackers from compromising your application. Writing Secure Code If you are too fixated from the very start on avoiding security vulnerabilities, you will never be able to write efficient code. So, it is important to continue doing what you have been doing, that is, writing code that fulfils a business need. But, along the way, keep security at the back of your mind. To write secure code as a beginner, you can rely on some useful Application Security Testing tools to make your job easier. These are automated tools which help you identify vulnerabilities in your application. These testing tools use one of the following strategies: Static Application Security Testing
  • For most software developers, learning programming wouldn't be complete without building a fully functioning weather application. Building weather apps introduces important concepts related to data retrieval and being able to display that data in a meaningful way to users. Before we go on, let us first remind ourselves of what an API is... One of the most important aspects in building weather applications is the API (or Application Programming Interface). Very briefly, an API is a communications middleman between two applications. One application acts as the requester, and the other as the requestee. Normally, the requester needs to read, update or delete information from the requestee (which is commonly a database application). Now back to weather APIs... Maybe you're a hobbyist developer building a toy weather application you can show to your friends. Or, you might be a startup founder with a fabulous idea you wanna try out to help tame the effects of global warming.