Welcome to a curated list of handpicked free online resources related to IT, cloud, Big Data, programming languages, and DevOps. Fresh news and a community-maintained list of links, updated daily.

Administrator's guide: What makes passwordless, dare we say it, phish-proof?

Tags app-development cloud infosec devops web-development

In some ways, the term “passwordless” is a misnomer. Yes, it’s a password-less authentication method, greatly streamlining the login experience, and while that’s a great incentive to use passwordless for logging in, it’s not an improvement in authentication security in and of itself. By Jeremy Erickson.

To prevent phishing, there are a few general properties that your authentication solution needs:

  • No Shared Secrets is the property that secrets are never shared and are always kept local to the authenticator device
  • Origin Binding is the property that the site you (as a user) are attempting to log in to must match the domain, or origin, of the site you’re actually on
  • Channel Binding is the property that the communication channel from the authenticator to the website must be strongly tied to the browser session attempting to authenticate

The article then looks in depth into how WebAuthn and FIDO2 implement these properties and provide a very robust resistance to phishing. Excellent!

10 common SQL operations to perform using Pandas

Tags database machine-learning big-data data-science python

One of the key features of being a data analyst is to query data from files, databases, etc. to perform some data manipulation or visualisation, and sometimes it’s much better if we can do it directly through code instead of looking into the database tables over and over again. By Akash Mishra.

Pandas is a Python library which stores query results in variables called “dataframes”. It helps us perform data manipulation and visualisation, and can write our results back to databases or files.

# In SQL:
SELECT name,roll_no,phone FROM student_details;

# In Pandas:
import pandas as pd

student_details = pd.read_csv('students.csv')
# Double brackets select a subset of columns as a new DataFrame
result = student_details[['name', 'roll_no', 'phone']]
result

This blog describes how to perform 10 basic SQL operations using the pandas library:

  • Selecting the data
  • Using aggregate functions
  • Order By clause
  • Group By clause
  • IN and NOT IN
  • Joins
  • Creating new column using existing ones
  • Selecting data conditionally

... and more. You will also get 2 datasets to work with on your learning journey. This is just an introduction to how one can execute basic SQL operations using pandas, and there are many more SQL operations which can easily be done using pandas. Nice one!

Storage performance for cloud native applications

Tags cloud linux devops cio containers

We talk with our IT clients on a regular basis, and also conduct primary research into emerging IT trends. One of the leading trends we hear is the adoption and deployment of cloud native applications, including containers and Kubernetes, and the infrastructure changes required. By Russ Fellows.

The IT transformation to cloud native applications has significant implications for on-premises as well as public cloud environments. With containers and Kubernetes come new storage interfaces and storage system requirements. The topic of storage and data protection for container-based applications is one of the biggest concerns we’ve heard from our IT clients for several years.

The article further mentions:

  • Real world performance testing
  • Performance Comparison

There are many aspects to consider when evaluating storage options for cloud native and container environments. These include ease of use, manageability, reliability, scalability and other criteria. Undoubtedly, performance is one critical metric that impacts application service levels, and may also have significant cost and architectural implications. Follow the link to the full article to get charts and other comparison data. Nice one!

How are client hints really useful for web performance

Tags apis devops software web-development performance

Client Hints are HTTP request header fields that a server can request from a client in order to get information about the client’s device, network, etc. The server can then determine the type of data to be displayed according to the client information received. By Hargunbeer Singh.

A server must tell the client that it supports client hints; this can be done using the Accept-CH header. When a client that supports client hints receives the Accept-CH header, it can append client hint headers that match the advertised field-values to subsequent requests.

Client hints can also be specified in HTML using the <meta> tag with the http-equiv attribute.

The client hints which determine which resources are sent in responses should be included in the Vary header. This ensures that a different resource is cached for every different value of the hint header. Usually, client hints like Width and DPR are specified in the Vary header. Interesting read!

Top new features of Cucumber JVM v6

Tags tdd java software performance web-development

Behavior Driven Development or BDD is one of the magical terms that many organizations are looking for today. The influence of the BDD methodology has significantly impacted the way the development model works. Its powerful business-driven approach has helped many teams collaborate with different stakeholders to define a better requirement. By Giridhar Rajkumar.

One of the well-known tools that help to automate the requirements for the BDD projects is Cucumber. In this article, you will learn about some of the coolest features available as part of Cucumber 6 (cucumber-jvm) & previous versions and how you can leverage them with your automation pack and business discussions:

  • Rules & examples
  • Other useful keywords
  • Online cucumber reports

One of the major features released in cucumber-jvm 6.0.0 is the usage of the Rule keyword. In general, the Rule keyword will help the team members to think of the scenarios as examples of acceptance criteria or business rules. Examples are different types of scenarios in which the requirement has to be mapped.

The new features in Cucumber 6 will be of great help to the business stakeholders who like to define their requirements more understandably. You will also get a link to a Cucumber example video demo and links to further resources. Good read!

Microsoft, Google to invest $30 billion in cybersecurity over next 5 years

Tags miscellaneous ssl google azure infosec cio

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide. By Ravie Lakshmanan.

The big tech sector is also rallying behind with a roster of initiatives, including:

  • Microsoft will invest $20 billion over the next five years to deliver advanced security solutions, in addition to making available $150 million in technical services to help federal, state, and local governments with upgrading security protections.
  • Google will invest over $10 billion to bolster cybersecurity, including expanding zero-trust programs, helping secure the software supply chain and enhancing open-source security. It’s worth noting that the search giant, earlier this June, announced a framework called the Supply chain Levels for Software Artifacts (SLSA or “salsa”) to safeguard the integrity of software supply chains.
  • Apple will work with more than 9,000 of its suppliers to push for mass adoption of multi-factor authentication, vulnerability remediation, event logging, and security training.
  • IBM will train 150,000 people in cybersecurity skills over the next three years, and will partner with 20 Historically Black Colleges & Universities to establish a more diverse cyber workforce.
  • Amazon will make available to all Amazon Web Services account holders a multi-factor authentication device to protect against phishing and password theft at no extra cost.

While it remains to be seen how these efforts will unfold in practice, the commitments demonstrate the urgency in prioritizing and elevating cybersecurity after a relentless stretch of high-profile cyber attacks targeting SolarWinds, Microsoft, Colonial Pipeline, JBS, and Kaseya in recent months. Nice one!

Fortifying APIs with advanced security

Tags nginx apis web-development app-development infosec

In F5’s The State of Application Strategy in 2021 report, 58% of respondents said they are building a layer of APIs to modernize applications. Increasingly, though, breaches are taking the form of attacks on APIs. By Karthik Krishnaswamy.

This article then describes:

  • Introducing the NGINX Controller App Security add‑on for API management
  • Distributed API Security in any environment
  • Enhanced visibility and analytics
  • Flexible and fine-tuned policies
  • DevOps friendly API security

The NGINX Controller API Management Module provides a variety of mechanisms to protect your APIs, including rate limiting, authentication and authorization. With Controller App Security, you can now deploy a web application firewall (WAF) to protect your APIs across a multi‑cloud, distributed environment.

Built on F5’s proven security expertise, Controller App Security provides out-of-the-box protection against OWASP API Security Top 10 vulnerabilities, as well as common vulnerabilities like SQL injection and remote command execution (RCE). The add‑on checks for malformed cookies, JSON, and XML, and also validates allowed file types and response status codes. It ensures compliance with HTTP RFCs and detects evasion techniques used to mask attacks. How interesting!

The dos and don'ts of machine learning research

Tags big-data how-to machine-learning management data-science

Machine learning is becoming an important tool in many industries and fields of science. But ML research and product development present several challenges that, if not addressed, can steer your project in the wrong direction. By Ben Dickson.

Here are some takeaways from the article:

  • Pay extra attention to data
  • Know your models (as well as those of others)
  • Know the final goal and its requirements
  • Know what to measure and report
  • Applied machine learning

When it comes to data, machine learning engineers must weigh an extra set of considerations before integrating it into products. Some include data privacy and security, user consent, and regulatory constraints. Many a company has fallen into trouble for mining user data without consent. Nice one!

Python's ChainMap: Manage multiple contexts effectively

Tags python programming oop app-development

Sometimes when you’re working with several different dictionaries, you need to group and manage them as a single one. In other situations, you can have multiple dictionaries representing different scopes or contexts and need to handle them as a single dictionary that allows you to access the underlying data following a given order or priority. In those cases, you can take advantage of Python’s ChainMap from the collections module. By Leodanis Pozo Ramos.

In this tutorial, you’ll learn how to:

  • Create ChainMap instances in your Python programs
  • Explore the differences between ChainMap and dict
  • Use ChainMap to work with several dictionaries as one
  • Manage key lookup priorities with ChainMap

Python’s ChainMap from the collections module provides an efficient tool for managing several dictionaries as a single one. This class is handy when you have multiple dictionaries representing different scopes or contexts and need to set access priorities to the underlying data. Good read!

Introduction to Akka Streams

Tags akka queues programming scala java jvm

Akka Streams is a library to process and transfer a sequence of elements. It is built on top of Akka Actors to make the ingestion and processing of streams easy. As it is built on top of Akka Actors, it provides a higher-level abstraction over Akka’s existing actor model. By Asbin Bhadra.

Akka Streams consists of 3 major components – Source, Flow, Sink – and any non-cyclical stream consists of at least 2 components, Source and Sink, and any number of Flow elements.

The article deals with:

  • Features of Akka Streams
  • Terminology in Akka-Streams (Source, Sink, Flow, RunnableGraph)
  • Akka Streams in action

You should now better understand the basics of Akka Streams and there is also example code to help you. Informative read!
