The New Stack Update

ISSUE 119: APIs and Security

Talk Talk Talk

“If your organization has many repositories of unowned and inconsistently maintained common code, something is wrong. Most likely these ‘commons’ or ‘utility’ repositories don’t meet the quality standards you’ve set for the rest of your engineering organization.”

“Five Fixes for a Broken Shared-Asset Strategy” by New Relic’s Daniel Somerfield.
Add It Up
The Node.js User’s Tech Stack. The Node.js Foundation published its third annual user survey based on 1,626 members of the Node community. In the future, we will look at the package managers and languages these developers are using. For now, readers will be interested to see the types of infrastructure that are most often used with Node.js.
It is not surprising that React is by far the most used frontend framework. In second place is jQuery, which is often not considered in the same category as Angular and Vue. It is noteworthy that 40 percent of respondents had used either Angular or Angular2. Since it is The New Stack, we feel obliged to report on the containers and cloud-native chart. Here are a few data points:
  • Among the Node.js community, 45 percent use Docker, but "only" 12 percent use Kubernetes. Digging deeper, only five percent of those Kubernetes users don't use Docker. That compares to 23 percent of the Docker users that also use Kubernetes.
  • Thirty-five percent of Docker-using respondents also use a serverless Functions as a Service (FaaS) offering. In comparison, 61 percent of the FaaS-using group also utilize Docker.
  • Overall, twice as many use containers versus a serverless compute solution (48 percent vs 28 percent). Note that The New Stack analyzed the raw data and counted anyone using a FaaS solution (AWS Lambda, Azure Functions, Google Cloud Functions or Apache OpenWhisk) as a serverless user.
What's Happening

How does Amazon maintain such a spectacularly science fiction-sized hardware and software hosting system? The answer is not only DevOps, it’s also Chef. At ChefConf this past week, we sat down with Jonathan Weiss, senior software development manager, and Mark Rambow, software development manager, both from Amazon’s AWS team. We traced the lines of control and practice inside their company to find just what it is that allows them to not only operate at scale, but to allow everyone else in the world to operate at scale as well.

How AWS Uses Chef In A Post-Container World

APIs and Security

As more organizations embark on the journey of digital transformation, application programming interfaces (APIs) will only continue to grow more important. This is why “Five Things You Need to Know About API Security,” contributed this week by Renata Budko, chief marketing officer at AI security company Wallarm, is such a vital read.

“APIs represent the core set of functionality for modular applications today, and their significance, impact, and sheer volume will only continue to grow in the future,” Budko writes. An API, or Application Programming Interface, is how software talks to other software. APIs are the basis for cloud-native automated infrastructures and workflows. And as such, they are of growing interest to hackers, who see them as the entryways to user data and the application logic.

In the essay, Budko offers some advice on keeping the bad guys away from your APIs. For instance, the security officer may need to rethink authentication. Commonly used methods for authenticating users, such as passwords and biometrics, don’t work for machine-to-machine environments. Instead, the security pro should look to other technologies, such as cryptographic authentication and even blockchain.

Another challenge is the changing patterns of API traffic. Once, most API traffic traveled north-south, meaning it went in and out of the data center. These days, thanks to the rise of microservices, more of the API traffic is moving from service to service, inside the data center (oft called “east-west” traffic). Even though it is internal traffic, however, it still requires security.

“The right API security solution should be able to understand east-west microservices’ protocols’ syntaxes and, thus, to detect injections such as the Open Web Application Security Project (OWASP) Top-10 A1 class injection risks,” Budko writes. “Because microservices change often and are frequently implemented by different teams out-of-sync without corresponding changes to the configuration files, the protection system should be able to understand the syntax on the fly.”

For more tips on API security, be sure to check out the full article — and our other security coverage on The New Stack.

Prisma Aims to Unite the Polyglot of Databases with GraphQL

A new open source project for database backend composition, Prisma, allows businesses to manage a polyglot database environment and access datasets across different systems through a unified GraphQL endpoint.

Flatcar Linux: The CoreOS Operating System Lives on Beyond Red Hat

During the last KubeCon + CloudNativeCon in Copenhagen, attendees were re-introduced to Kinvolk, a Berlin-based group of open source contributors, including Chris Kühl, who were early contributors to the rkt container runtime devised at CoreOS. Now, Kühl and his colleagues have committed to producing and maintaining a fork of CoreOS Container Linux. Called Flatcar Linux, its immediate goal is to maintain its container-agnostic architecture, and maybe later try resuming its own development path.

Get Legit with Git (and GitHub): The Art of the Commit Message

Michelle Gienow continues our series on learning how to use Git, the preferred version control software of open source people worldwide. This time out, she instructs on how to write the perfect commit message.

On The Road
ContainerDays EU 2018 // JUNE 18-20, 2018 // HAMBURG, GERMANY @ HAFENMUSEUM HAMBURG


From June 18-20, the European container community will gather in Hamburg for three days full of container craziness. Just like last year, ContainerDays will be loaded with exciting talks, hands-on workshops, great speakers and lots of opportunities to meet like-minded container enthusiasts. 20% off with code CDS2018_THENEWSTACK.
FREE EBOOK: Learn about patterns and deployment use cases for Kubernetes.
The key to successful deployment of Kubernetes lies in picking the right environment based on the available infrastructure, existing investments, the application needs and available talent. Depending on whether Kubernetes is deployed on premises, on a single cloud provider, hybrid cloud or multi-cloud, users will face different technical challenges and will need a different set of tools for deployment. These factors also affect how operations teams approach security with Kubernetes, and it’s critical to understand security in the context of these environments.

Copyright © 2018 The New Stack, All rights reserved.
