As I mentioned earlier we find the code for our two Lambda functions create-user and get-user under their respective folders. import jsonimport boto3import os client = boto3.client(‘dynamodb’) table_name = os.getenv(“TABLE_NAME”) def handler(event, _): body = json.loads(event[‘body’]) data = client.put_item( TableName=table_name, Item={ ‘id’: { ‘S’: body[‘id’] }, ‘name’: { ‘S’: body[‘name’] } })response…
Read More
Every request goes through the HTTP server to the GraphQL server, which builds context and runs the resolver. However, the business logic should remain separate from the resolvers, as it often changes. In such a situation, the separation allows you to implement the changes with just a few lines of code. There are three points where authentication is implemented in GraphQL: Before the HTTP server: The first point where authentication can be reached is directly…
Read More
What is gRPC? Google Remote Procedure Call (gRPC) is a remote procedure call framework that eases the communication process between client and server applications. It’s high-performing, robust, and lightweight. These three qualities are due to its data exchange format and the interface definition language used by protocol buffers (protobufs). Protobufs are small and fast due to their data serialization format, which enables smaller packets. This makes them highly suitable for fast data flow and economical…
Read More
Why follow best practices? Understanding and following best practices as well as building in the cloud on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform™, Kubernetes, containers, and applications will enable you to get the most out of your toolkit. This includes more security as you are building, more proficiency with the tools and services you are using, better structure, faster environment, a reliable system that will withstand outages, and a more cost-effective solution….
Read More
This code worked well in our tests and was approved in the code review process. It returns True when there are two files with the right prefixes, and it returns False when there isn’t. Simple enough. That wasn’t what happened in real life, however. It would still work in the scenario where the right files are there, but it would, only sometimes, return True when just one of the files were there. And this was…
Read More
Vulnerabilities in software and infrastructure are a fact of life for developers and SREs, but that doesn’t mean you must accept them. Given the exponential growth of vulnerabilities, DevOps teams must be aware of and learn how to mitigate these risks to ensure healthy systems and applications. This article will focus on five common vulnerabilities in no particular order of severity. We’ll examine some in-depth information on each vulnerability’s root cause and how it can…
Read More
Serverless technologies enable developers to concentrate on what the application does without the hassle of managing where it runs and how it scales. The cloud provider manages infrastructure, simply upload the applications, and the provider handles the rest. This article highlights the benefits of going serverless by walking through creating a serverless REST API using AWS Lambda and Node.js. Setting Up the Local Environment This tutorial requires the following dependencies: Now that the environment is…
Read More
Microservice Security: How to Proactively Protect Apps Serverless Security Microservices are growing in popularity—how can development teams embed seamless security into the entire pipeline? Fernando Cardoso, solutions architect at Trend Micro, breaks it down for you. By: Melanie Tafelski, Fernando Cardoso January 19, 2022 Read time: ( words) Microservices Overview As many organizations moved to serverless functions to maximize agility and performance in the cloud, microservices became the new go-to design architecture for modern web…
Read More
However, these tools have downsides that may cause more challenges for DevOps teams: SAST has difficulties scanning and reporting on cloud-native applications because static tools only see the application source code it can follow. As more cloud-native apps are now developed with libraries and third-party components, this generates failures in the tool processing these links. DAST interactively testing the applications from the outside requires the application to be fully built upon every code change. As…
Read More
Application Security 101 Serverless Security Everything DevOps teams need to know about web application security risks and best practices. By: Trend Micro November 17, 2021 Read time: ( words) Web applications are becoming increasingly complex and the speed of delivery more demanding. This strain of speed and scale is making application vulnerable to attackers. According to Verizon, the majority of breaches were caused by web application attacks. This means application security is more crucial than…
Read More
Introduction Cloud computing services have grown exponentially in