Vern Greenholt

1598897220

Rising Open Source Software Vulnerabilities Require a Modern WAF

Today, security has become a crucial part of the development, deployment, and delivery of web applications. We deliver our applications with an ever‑increasing velocity that allows us to stay competitive. In a constant process of transformation, we adopt new technologies and methodologies in order to stay agile – often including the latest and greatest open source tooling, components, and application stacks. This velocity enables us to provide what our customers want and need from our applications, but what are the risks of such fast‑paced innovation?

The Rise of Open Source Vulnerabilities

RiskSense, a vulnerability management firm based in Silicon Valley, recently published a study titled The Dark Reality of Open Source. The goal was to identify the threats to application security that come from open source products. Alarmingly, the number of Common Vulnerabilities and Exposures (CVEs) for open source software increased by 130% between 2018 and 2019, from 421 to 968. Moreover, it took 54 days on average for vulnerabilities to be added to the National Vulnerability Database after they were publicly disclosed, leaving organizations that use the software “exposed to serious application security risks for almost two months”.

In recent years, open source software vulnerabilities have been the cause of many major data breaches, the Apache Struts flaw CVE-2017-5638 being the best‑known example. A crafted Content‑Type header sent to the Struts Jakarta Multipart parser was evaluated as an Object‑Graph Navigation Language (OGNL) expression; OGNL can read and set properties of Java objects and invoke methods, so the attacker obtained remote code execution (RCE) on the server. In 2017 this led to the breach of over 143 million accounts at Equifax. Given the number of vulnerabilities in the open source landscape, how do you protect your users, your network, and most importantly your data against these attacks?
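As an added example (not code from the original article or from any WAF product), the Python sketch below shows the kind of check a WAF virtual patch for this class of bug performs: normalize the Content‑Type header the way the application's parser would, reject anything that does not have the shape of a media type, and flag the OGNL tokens the public payloads relied on. The rule names, the sample requests and the abbreviated, non‑functional payload fragment are constructed for illustration; the CVE also lists Content‑Disposition and Content‑Length as attack vectors, which a real rule set would cover in the same way.

```python
"""Toy WAF check for OGNL injection in the Content-Type header.

Added example, not from the original article or any WAF vendor. Rule
names, header samples and the payload fragment are constructed.
"""
import re
from urllib.parse import unquote

# Denylist: tokens that have no place in a Content-Type value. '%{' and '${'
# open an OGNL expression; the others are objects the public Struts payloads
# reference to escape OGNL's sandbox and reach the Java runtime.
OGNL_PATTERNS = [
    ("ognl-expression-open", re.compile(r"[%$]\{")),
    ("member-access-override", re.compile(r"#_memberAccess", re.IGNORECASE)),
    ("ognl-context-ref", re.compile(r"@ognl\.OgnlContext", re.IGNORECASE)),
    ("java-runtime-ref", re.compile(r"java\.lang\.(?:Runtime|ProcessBuilder)", re.IGNORECASE)),
]

# Allowlist: a Content-Type is  type "/" subtype *( ";" name "=" value ).
# This is a deliberately strict subset of the RFC 7231 grammar; anything not
# shaped like that is rejected even if no denylist token is recognised.
_TOKEN = r"[A-Za-z0-9!#&^_.+-]+"
MEDIA_TYPE_RE = re.compile(
    rf'^{_TOKEN}/{_TOKEN}(?:\s*;\s*[A-Za-z0-9_.-]+=(?:"[^"]*"|[^;\s]+))*\s*$'
)


def normalize(value: str) -> str:
    """Percent-decode twice (defeats double encoding) and collapse whitespace,
    so the rules see roughly what the application's parser will see."""
    decoded = unquote(unquote(value))
    return re.sub(r"\s+", " ", decoded).strip()


def inspect_content_type(value: str) -> list:
    """Return the names of the rules a Content-Type value trips (empty = clean)."""
    norm = normalize(value)
    fired = [name for name, pat in OGNL_PATTERNS if pat.search(norm)]
    if not MEDIA_TYPE_RE.match(norm):
        fired.append("not-a-media-type")
    return fired


def decide(headers: dict) -> tuple:
    """WAF verdict for one request's headers: ('allow', []) or ('block', rules).
    Header names are compared case-insensitively, as HTTP requires."""
    fired = []
    for name, value in headers.items():
        if name.lower() == "content-type":
            fired.extend(inspect_content_type(value))
    return ("block", fired) if fired else ("allow", [])


# Constructed sample requests (not captured traffic).
BENIGN_HEADERS = {
    "Host": "shop.example",
    "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
}

# Abbreviated, non-functional fragment in the shape of the public
# CVE-2017-5638 payloads: an OGNL expression where a media type belongs.
MALICIOUS_HEADERS = {
    "Host": "shop.example",
    "Content-Type": "%{(#_='multipart/form-data')."
                    "(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
                    "(#cmd='id')}",
}

# Same opening, percent-encoded to slip past a rule that matches raw bytes.
ENCODED_HEADERS = {
    "Host": "shop.example",
    "Content-Type": "%25%7B(%23_%3D'multipart/form-data')%7D",
}

if __name__ == "__main__":
    for label, hdrs in (("benign", BENIGN_HEADERS),
                        ("malicious", MALICIOUS_HEADERS),
                        ("encoded", ENCODED_HEADERS)):
        print(label, decide(hdrs))
```

Two points matter more than the specific regexes. First, the denylist alone is brittle: attackers rewrite payloads and encode them, which is why the check decodes before matching and why the encoded sample is still caught. Second, the media‑type allowlist blocks the encoded variant even if every OGNL token were renamed, because an expression simply is not a media type; a WAF that can express what a header is allowed to look like, rather than only what it must not contain, is far harder to evade.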

#blog #opinion #waf #progressive web app

Tyrique Littel

1598461200

An Open-Source Book About the Open Source World

Open source today is a term that often covers many things, such as open knowledge (Wikimedia projects), open hardware (Arduino, Raspberry Pi), open formats (ODT/ODS/ODP) and so on.

It is a world of opportunities that can be difficult to navigate for newcomers and intermediates alike. This article will help you discover how to approach specific roles, activities, projects and communities in the best way.

Everything Started with “Coaching for OpenSource Communities 2.0”

I decided to write a book, in my personal style, about my experience of the last 7 to 8 years in open source. I was surprised when I reached 100 pages covering many different topics.

My idea was to write something that I would like to read, so nothing that is boring or complicated, but full of real facts.

The second goal was to include my experience but also my philosophy on contributing and how I contribute daily.

Thirdly, I wanted to give a lot of hints and resources and an overall view of this open source world.

Basically, I wanted to write something different from self-help or coaching books that include just a list of suggestions and best practices. Instead, I take real examples from real life in the OSS world.

As a contributor and developer, I prefer to have real cases to study, because best practices are useful, but we need to learn from others, and this world is full of good and bad cases to discover.

I started writing the book in 2019, after Fosdem 2019 and after 2 years on the Mozilla Reps Council. At that Fosdem edition I gave a talk, “Coaching for Open Source Communities 2.0”, and after the feedback at the conference and my reflections on my various roles, activities, and projects, it was time to write something.

In the end it wasn’t a manual but a book that included my experience, learnings, best practices and so on from localization, development, project maintenance, sysadmin work, community management, mentoring, speaking and more. It contains the following sections:

  • Biography - This choice isn’t for self-promotion but just to help you understand my point of view and my story, which may inspire others
  • Philosophy - Not the usual description of Open Source or the four freedoms, but just what Open Source means and how you can help
  • How to live inside Open Source - A discovery of communications and tools, understanding the various kinds of people and the best way to talk with your community
  • How to choose a project - Starting with some questions to ask yourself, and how to involve more people in your project
  • The activity - Open Source is based on tasks that can be divided into two levels: support, testing, marketing, development, etc.
  • How to use your time - We are busy, we have a life, a job and a family, but Open Source can be time-consuming
  • Why documentation is important - How writing documentation can be healthy for your community and for the project’s future and brand

There are also three appendices: manuals that I wrote over the years and gathered and improved for this book. They cover community management, public speaking, and mentoring.

The book ends with my point of view about the future and what we have to do to change opinions about those topics.

I wrote this book and published it in October 2019, but it was only possible with the help of the reviewers and localizers who improved and contributed to it. Yes, because this book is open source and free for everyone.

I picked the GPL license because this license changed the world, and my life, in the best way. Using it is just a tribute. This choice is usually not an obvious one, because after all this is a book and there are better-suited licenses, like Creative Commons.

#open-source #contributing-to-open-source #programming #software-development #development #coding #books #open-source-software

Ray Patel

1623348300

Top 8 Java Open Source Projects You Should Get Your Hands-on [2021]

Learning Java is no easy feat. It’s a prevalent and in-demand programming language with applications in numerous sectors. We all know that the best way to learn a new skill is to use it. That’s why we recommend working on projects.

So if you’re a Java student, then you’ve come to the right place as this article will help you learn about the most popular Java open source projects. This way, you’d have a firm grasp of industry trends and the programming language’s applications.

However, before we discuss the projects themselves, it’s worth looking at the place where you can find them: GitHub. Let’s begin.

#full stack development #java open source projects #java projects #open source projects #top 8 java open source projects #java open source projects

Houston Sipes

1600992000

Did Google Open Sourcing Kubernetes Backfire?

Over the last few years, Kubernetes has become the de facto standard for container orchestration and has also won the race against Docker for being the most loved platform among developers. Released in 2014, Kubernetes has come a long way and is now used across the whole cloud landscape. In fact, recent reports state that of 109 container management tools, 89% are built on a version of Kubernetes.

Although inspired by Google’s internal Borg system, Kubernetes is an open-source project that Google donated to a vendor-neutral body, the Cloud Native Computing Foundation (CNCF). This can be attributed to Google’s vision of a platform that can be used by every firm in the world, including the large tech companies, and that can run on multiple cloud platforms and in data centres. The whole point of handing control to the CNCF is to develop the platform in the best interest of its users, without vendor lock-in.

#opinions #google open source #google open source tools #google opening kubernetes #kubernetes #kubernetes platform #kubernetes tools #open source kubernetes backfired

About Open Source Projects and How to Approach Them

Hey guys! Welcome to my first ever blog post. I have always had a habit of writing about the different things I keep learning, but mostly I keep them to myself in my Evernote notebooks and whatnot. Now, I want to try something new and write a neat and proper blog about anything I learn from the time I invest in my work. I think that will make me feel a lot more motivated and persistent.

Alright with that out of the way, let’s go over the topic:

In recent years accessibility has reached new heights. Around 10 years ago not every individual had access to GitHub. Most people worked individually on their personal projects, banging their heads on the table and doing the work mostly on their own, unlike now, when almost everyone has access to GitHub (but yeah, people still bang their heads on the table). You NEED to have a GitHub profile in this day and age of software, so you might as well leverage it in the best way possible.

Interviewers look at your GitHub profile as a reference for your experience with different projects, and your contributions to open source projects can also be a good factor.

What are Open Source Projects exactly?

When a project is open source, it means anybody is free to use, study, modify and distribute the project for any purpose.

When it says anybody, it literally means ANYBODY.

  • The open source license guarantees that, and it is a must-have when we launch an open source project.

#open-source #software-development #github #developer #open-source-software