A Detailed Introduction to the Avro Data Format

In this article by Manoj Mokashi on Sqream’s blog, you can take a look at Apache Avro Data Format, which is a data serialization system that converts an object in memory to a stream of bytes.

Lua CORS Guide: What It Is and How to Enable It

Cross-site request forgery is a serious web attack that every developer needs to reckon with. Hackers have used it against web applications to steal valuable user information. The best defense is limiting web apps to a single domain, but that’s not always wise or possible. You need a way to make cross-domain requests safe. That’s where cross-origin resource sharing (CORS) comes in. It’s a tool that allows applications to use multiple web and API servers. Lua is a popular scripting language with many uses, including web applications. So, it’s susceptible to CSRF attacks, too. Need to set up Lua CORS? This post from Eric Goebelbecker on Stackhawk’s blog will look at what CORS is, the problems it avoids, and how to implement CORS with a Lua application.

.NET XML External Entities Guide: Examples and Prevention

In this post on Stackhawk’s blog, Juan Reyes will address XML External Entities vulnerabilities in .NET and the potential impact that they can have on your platform. By the end, you can expect to have a basic understanding of XML External Entities, how to find them, and what mitigation strategies are at your disposal to deal with this vulnerability.

Golang Broken Object Level Authorization Guide: Examples and Prevention

According to the OWASP Top 10 for 2021, the most common vulnerability in web APIs is broken access control. This security issue encompasses several problems, but the largest is broken object level authorization. This problem occurs when an application doesn’t properly verify user permissions before providing access to a privileged resource. It’s a serious security leak that many applications fail to address. In this post on Stackhawk’s blog from Eric Goebelbecker, you can look at examples of broken object level authorization (BOLA) issues in Golang applications and how you can fix and prevent them.

Django Broken Authentication Guide: Examples and Prevention

As of 2021, broken authentication is ranked #7 in the Open Web Application Security Project (OWASP) Top 10 list. Authentication system flaws can allow attackers to get access to user accounts and potentially compromise a whole system by utilizing an admin account. In this post on Stackhawk’s blog, Ifenna Okoye describes broken authentication, provides some examples, and goes through some of the strategies for making Django apps more secure.

Golang Broken Access Control Guide: Examples and Prevention

Data protection is an important subject, especially in the information technology industry. This is because data protection and regulation are sometimes difficult. For instance, it is almost seamless for people to get hold of any type of information on the internet. However, certain types of information shouldn’t be accessible to everyone, such as medical records. In the IT industry, software developers protect personal data by enabling access control. In this article on Stackhawk’s blog, Ukpai Ugochi explores what access control is, then discusses the specifics of broken access control in Golang, examples of what it looks like, and how to prevent it.

React XML External Entities Guide: Examples and Prevention

XML, or Extensible Markup Language, is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. The purpose of this article on Stackhawk’s blog from Juan Reyes is to serve as a guide for and to provide examples of XML External Entities vulnerabilities for the React tech stack and the potential impact they can have on your security.

TMS Applications: An Introductory Guide and Some Popular Ones

We also updated this post on TMS applications recently. Any company in the logistics industry that ships or receives goods on a regular basis needs a TMS, regardless of its size. The majority of shippers and 3PL brokers use a TMS. But nowadays, it makes sense for manufacturers, distributors, warehouses, ecommerce, and even retail businesses to look into a TMS. Why? A TMS is a software platform that helps businesses plan, execute, and optimize the logistics of moving their goods. In this article, we’ll introduce the TMS basics, highlight some key features, and suggest some popular TMS options.

How to Take a Screenshot in Selenium: A Walkthrough With Code

And we updated this post on taking screenshots in Selenium. In manual testing, tests should be performed manually in every environment by testers who use different data sets, whereas in the case of automation testing, it’s done by a program. Automation testing is faster and needs less investment in human resources, and frequent execution of tests is possible. Selenium is one such tool that automates the testing of web applications for functional and regression test cases. In Selenium, you can locate the elements, perform actions, record test cases, etc. Taking screenshots at each step of the test process provides a visual record of the use case that can help in troubleshooting when the test fails.