Author Archives: admin

SSL CERTIFICATE: WHAT USER NEEDS TO KNOW

Ssl certificate: what user needs to know

SSL Certificates are mini data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it actuates the padlock and the https protocol allows secure connections from a web server to a browser. SSL is used to secure credit card transactions, data transfer, and logins, and in recent times it is becoming the standard when securing browsing of social media sites.

Ssl certificate

An organization needs to install the SSL Certificate onto its web server to initiate a safe session with browsers. Once a secure connection is established, all web traffic between the web server and the web browser will be secure.

When a certificate is successfully installed on the user’s server, the application protocol also known as HTTP will change to HTTPs, where the ‘S’ stands for ‘secure’. Depending on the type of certificate purchased and what browser the user is surfing on the internet, a browser will show a padlock or green bar in the browser when the user visits a website that has an SSL Certificate installed.

HOW DOES AN SSL CERTIFICATE WORK?

SSL Certificates uses public key cryptography. This specific kind of cryptography harnesses the power of two keys which are long strings of randomly generated numbers. One is called a private key and one is called a public key. A public key is known to your server and available in the public domain. It can be used to encrypt any message. For instance, if Lisa is sending a message to Marley she will lock it with Marley’s public key but the only way, it can be decrypted is to unlock it with Marley’s private key. Marley is the only one who has his private key so Marley is the only one who can use this to unlock Lisa’s message. If a hacker interrupts the message before Marley unlocks it, all they will get is a cryptographic code that they cannot break, even with the influence of a computer.

Why The User Needs an SSL Certificate?

SSL Certificates protects user’s sensitive information such as credit card information, usernames, passwords etc. It also:

Keeps the user’s data safe and protected between the servers.
Increases User’s Google Rankings.
Increases customer trust.
WHERE DOES USER CAN BUY AN SSL CERTIFICATE?

SSL Certificates need to be issued from a trusted Certificate Authority. Browsers, operating systems, and mobile devices maintain a list of trusted CA root certificates.

The Root Certificate must be present on the end user’s machine in order for the Certificate to be trusted. If it is not trusted the browser will give untrusted error messages to the end user. In the case of e-commerce, such error messages result in immediate lack of confidence in the website and organizations risk losing confidence and business from the majority of consumers.

The browser and operating system vendors such as Microsoft, Mozilla, Opera, Blackberry, Java, etc., trust the legitimate Certificate Authority and that it can be relied on to issue trustworthy SSL Certificates.

CYBER SECURITY RISK IN AN INTERNET OF THINGS WORLD

Cyber Security Risk In An Internet Of Things World

Cyber Security Risk in an IoT

The IoT offers new ways for businesses to create value, however, the continuous connectivity and data sharing also creates different opportunities for information to be conceded. So, explore this article and know some of the more important developments in the battle to fight against cyber risks.

Cyber Security Risk in an IoT

What makes the Internet of Things (IoT) different from the traditional Internet? The IoT does not rely on human intervention to function. With the IoT, sensors collect, communicate, analyze, and act on information, offering new ways for technology and businesses to create value—whether that is creating completely new businesses and revenue streams or delivering a more effective experience for consumers.

But this also creates new opportunities for all the information to be compromised. Not just the data is being shared through the IoT, but more sensitive data is being shared. As a result, the risks are exponentially greater.

Many technologies, media, and telecom establishments are already handling these cyber risk challenges. Information technology security experts have been cautioning the public about cyber threats for years, using conferences to publicize new vulnerabilities in systems and software

THE MISSION OF SECURE IOT IS JUST A START

The Open Web Application Security Project’s (OWASP) Internet of Things Top Project aims to educate users on the main aspects of IoT security and help vendors make common appliances and gadgets network- and Internet-accessible.

These types of projects are just the foundation of the future security standards that must be developed to create a network of devices that aid users in a secure environment.

It seems that proficient hackers are everywhere, and their growing focus on the IoT is a natural progression since they are looking to where the world’s data is flowing. The interconnected world is coming, but so are its hackers.

In a few years, there could be a whole new class of things to worry about in the cyber security field. Hopefully, by then the users will have already taken care of the current problems they are facing in the smart IoT.

SERVERLESS ARCHITECTURE WITH CLOUD COMPUTING

Serverless Architecture with Cloud Computing

Serverless Architecture with Cloud Computing

Serverless is one of the new buzzwords that you have probably heard in recent times. It refers to a type of deployment where the server is abstracted away. It does not mean there are no servers, just that you do not have to provision the servers yourself.

In some cases, serverless can free your business from the costs of maintaining infrastructure, upgrades, and provisioning servers. In this post, we’ll be exploring the basics of what serverless is, how it differs from microservices, and some possible benefits.

WHAT IS SERVERLESS?

With serverless, the user can simply write the code (usually in the form of functions/methods). The user can do so with many popular languages, including C#, JavaScript, Java, and so on. This code is deployed to a cloud provider like Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and many more.

The code is triggered by events. Events can be as simple as HTTP requests, or they could be many other types of events, depending on what the cloud platform supports.

Within the cloud, the servers that executes the code are automatically provisioned (and decommissioned) by the cloud provider on needed basis.

SERVERLESS VS MICROSERVICES

There are some similarities between serverless and microservices, but they are not the same thing. Both are methods to break an application into smaller, independent pieces. They differ in what is deployed and what is managed.

PROPERTIES OF THE SERVERLESS ARCHITECTURE

  • There are 4 functions which can be deployed separately.
  • Each function is able to communicate with the database.
  • The user doesn’t have to provision a VM, the user can just deploy a function directly.
  • The function only consumes resources when needed.

ADVANTAGES OF SERVERLESS

There are some advantages when using a serverless architecture.

One topmost advantage is that scalability is handled by the cloud provider. If demand or usage increases, the cloud provider can compensate by adding more servers when necessary.

Another advantage is that costs are tied to usage. If the user has a service that is constantly in use, the user might not see any benefits. But if the user has a service that is intermittently used, then serverless may provide cost savings.

THE RISE OF MULTI-CLOUD

The Rise of Multi-Cloud

Multi-Cloud

Over the last few years, we have seen exponentially growing interest in what is commonly called a multi-cloud strategy or multi-cloud infrastructure, across the enterprise community. Enterprises from all industries are considering and putting in place multi-cloud strategies, virtualizing their infrastructures and choosing a mix of cloud providers, rather than depending on a single vendor.

WHAT IS MULTI-CLOUD?

Multi-cloud is the next leap of cloud-enabled IT architecture beyond the hybrid cloud. It refers to an IT design where multiple cloud providers and on-premises private cloud resources are used simultaneously to realize certain business objectives and metrics that are hard to achieve with private-only or hybrid cloud designs.

These business objectives include the freedom of choice to pick and choose best of breed cloud services across public cloud providers, as well as allowing data mobility to eliminate concern over vendor lock-in. Organizations are also looking to achieve enhanced data availability and durability with data sets spread across multiple cloud architectures, and cost optimization with the ability to use the most appropriate cloud pricing scheme for each application across providers. These factors put the cloud customer in charge with optimal leverage and control, thereby fuelling the growing momentum of multi-cloud.

PRINCIPLES OF MULTI-CLOUD

The advantages of multi-cloud outlined above hinge on a number of principles that must be adhered to. First is the need to normalize data access, control, and security across all clouds with a single interface, with the choice being the Amazon S3 API – assuming a full-fledged implementation with Identity & Access Management or IAM. Secondly, the need to ensure that data always stays in its open, cloud-native format, so that it can be accessed wherever it exists in and can be moved around freely as required. The third is a crystal clear data brokering capability that allows data to be placed and moved around automatically based on pre-defined business rules.

If not implemented correctly and with reasonable safeguards, multi-cloud could intensify the drawbacks and challenges for cloud customers, such as increased complexity and overhead of data management, minimized flexibility in ways the data can be accessed, used, and tracking of where data is placed.

Many organizations can already be defined as multi-cloud users by default since the deployment of multiple cloud offerings within a single company has grown organically out of practices over the past few years. Those organizations are finding the need of a solution to deal with these multiple clouds. At this moment, an increasing section of customers are clearly better educated and more practical in their use of cloud services, prompting them to explore and implement multi-cloud strategies.

MOVING FORWARD

As multi-cloud is becoming the standard for cloud designs and is enjoying mainstream adoption, over the next couple of years there will be demand for a solution that fundamentally changes cloud storage and data management to provide customers with the full power and flexibility of on-premises storage and public clouds so that they can get not only the most value from their data but also the optimal experience in doing so. The rise of multi-cloud will help the agent to manage information across different clouds.

WHAT YOU NEED TO KNOW ABOUT DATA BREACHES

What You Need to Know About Data Breaches

Almost every organization today is at risk of a data breach. If the organization is handling any kind of sensitive customer information, have intellectual property, or use computers, then the organization is potentially a target for cyber criminals. So, let’s dive deep-in and see what you need to know about data breaches, to protect your organization and customers.

Many small business owners mistakenly believe they are too small to attract the attention of cyber crooks, but according to industry experts, an increasing number of data breaches are occurring at companies with fewer than 100 employees. The size of the company will not protect you from determined hackers and criminals.

Data Breaches

DATA BREACH AND HOW AND WHY DO THEY HAPPEN

A data breach is an incident where private data is accessed or stolen by an unauthorized individual. Data can be stolen by a third party, such as a hacker, or by an internal player.

Targeted attacks from cybercriminals are generally carried out in four ways: exploiting system vulnerabilities such as, out of date software, people using weak passwords such as their pet’s name and mobile numbers, SQL injections and targeted malware attacks. When systems do not have the latest software updates it can create a hole that an attacker can use to sneak malware onto the computer that can steal data. Weak and insecure user passwords can make it easy for an attacker to crack, mainly if the passwords contain whole words or phrases. SQL injections allow for drive-by downloads that will inject spyware or malware onto the computer without the user doing anything to contact the malware.

A DATA BREACH CAN HAPPEN ANYWHERE ANYTIME TO ANYONE, HOW TO PREVENT THIS?

  • Monitor the bank and financial accounts on a regular basis for suspicious activity. If the organizations you do business offers activity alerts through text or email, sign up for them.
  • Close out of all online banking accounts on your phone whenever you aren’t using them, and give your phone a password if it doesn’t have one. Entering a password every time you use your phone is tedious, but it also provides a solid line of defense if your device is stolen.
  • Take action as soon as possible if you see any suspicious activity. Contact the bank and notify them of the suspicious transaction and inform them that your information was stolen in a data breach.
  • Use a removable flash drive to store financial and other delicate information.
  • Avoid oversharing on social media. Never post anything relating to sensitive info, make your profiles private, etc.
  • Get identity protection services: While convenient, the digital world we live in can be unpredictable. Therefore, it is important to take the necessary steps to safeguard your digital identity. Utilizing an identity protection service not only helps you keep your identity safe, but also assists you if you find your personal information has been compromised.

CONCLUSION

Data breaches are here to stay. Educate yourself and stay diligent about monitoring your online life expectancy. Fortunately, there are laws in place to protect you, but it is up to the user to report any suspicious activity and fight back against cybercrime.

WHICH IS BETTER, IONIC OR REACT NATIVE?

Which is better, Ionic or React Native?

Ionic is a Web-based framework that exposes the no-UI Native APIs (e.g., location service) to Javascript. React Native is a native based framework that provides binding of Javascript and native code (including UI).

The main difference between Ionic and RN is the how UI is rendered. In Ionic, it is by a WebView like a common web page, while in RN, it is drawn with native frames. Thus, RN based Apps are more responsive as they are faster.

In a project manager’s view, RN is more flexible as self-defined module and UI components are easier to create, but it requires more native knowledge from developers. Ionic is faster as existing web UI components can be largely reused. So Ionic is a less expensive option compared to React Native, but it is more limited in both performance and flexibility.

WHAT ARE THE PROS AND CONS OF USING JAVASCRIPT ES5 VERSUS ES6?

What are the pros and cons of using JavaScript ES5 versus ES6?

Pros

ES5:

You have a lot of browser support.

ES6:

You have tail call optimization.
You have import statements.
Lamba’s are pretty amazing.
Immutable and block scoping objects with “const” and “let”.
Classes and OO Inheritance.
Functors, and all that functional goodness.
String templates that handle interpolation for you.

Cons

ES5:

It doesn’t have everything that ES6 has.

ES6:

It doesn’t have all the support that ES5 has, but you can always transpile your ES6 code.

WHAT IS CALLBACK HELL?

What is callback hell?

Callback hell is where there are multiple nested callbacks.

This leads to very hard-to-read code. We have two ways to avoid this kind of callback hell :

Name your functions and declare them and pass just the name of the function as the call back, instead of defining an anonymous function in the parameter of the main function

Modularity: Separate your code into modules, so you can export a section of code that does a particular job. Then you can import that module into your larger application

WHEN SHOULD I USE GRAPHQL FOR MY WEB APPLICATION?

When should I use GraphQL for my web application?

Graphql has many benefits over REST. You should use Graphql in a data-driven application.

The main benefits of GraphQL are :

Only the content website will be returned.

All the content of a web page can be returned in a single request.

It’s flexible and performant.

It could enable smart caching.

It’s safe as it’s schema based.