#graphs #neo4j

On Connected Data and Graphs

It’s been a while since I last wrote about data APIs. Recently, I have been experimenting with a powerful tool that is revolutionizing the way we think about data. Although not a new discovery by any stretch, graphs and graph databases have captured recent attention due to newly discovered applications in areas such as recommender systems, link prediction, traffic analysis, and image processing. My moment of personal epiphany with graphs came a few years ago while participating in a very enlightening research project to explore innovative ways to enhance tools that manipulate knowledge graphs using RDF. ...

#middleware #serverless #faas #lambda #aws

GoIntercept: v0.3.1 Released

Version 0.3.1 of GoIntercept is here! Elegant and modular middleware for AWS Lambdas with Golang.

This release contains the following updates:

- Interceptors AddHeader and AddSecurityHeaders now add HTTP headers only when a proper API Gateway Response has been previously created.
- Interceptor CreateAPIGatewayProxyResponse now gracefully handles uncaught HTTP errors (a new type HTTPError was added!) and creates a proper API Gateway Proxy Response for them. To trigger this new behavior, it is recommended to generate errors using the new type HTTPError.
- A new interceptor to provide JSON schema validation. ...

#middleware #serverless #faas #lambda #aws

Simplify your AWS Lambda functions with GoIntercept

A middleware layer allows developers to focus on business logic when designing and implementing Lambda functions. This way, additional functionality like authentication/authorization, input validation, and serialization, can be added in a modular and reusable way. Web frameworks such as Echo, Spiral, Gin, among others, provide middleware functionality to wrap HTTP requests and thus provide additional features without polluting the core logic in the HTTP handler. Similar frameworks exist for the development of AWS Lambda functions. ...

#api security #serverless #faas #csa #lambda #aws

Harden your Serverless API (DoS and Function Orchestration)

DoS attacks and their distributed versions are among the most disastrous consequences of poor API configuration. The dynamic and elastic nature of cloud services makes this type of attack highly insidious and resource-consuming. Similarly, simple mistakes in execution flow configuration can open numerous attack avenues that can be exploited without major effort. This post continues where the previous one left off. Let’s take a look.

Denial-of-Service (DoS) Attacks

Serverless architecture’s core features such as automated scalability and high availability present challenges that need to be overcome. ...

#api security #serverless #faas #csa #lambda #aws

Harden your Serverless API (Monitoring and Encryption)

In my previous post, we went over the basics of hardening the security of serverless functions. We highlighted the importance of good practices such as input validation, proper authentication, and fine-grained authorization. In this post, we will take a look at an additional set of best practices related to proper monitoring and logging, third-party dependency management, and sensitive information encryption.

Common Vulnerabilities And Their Mitigation (continued)

The next three items in the 12 Most Critical Risks for Serverless Applications published by the Cloud Security Alliance have to do with vulnerabilities related to lack of proper monitoring, improper dependency management, and poor secret management. ...

#api security #serverless #faas #csa #lambda #aws

Harden your Serverless API (The Basics)

Serverless Functions (SFs) changed the API game. Developers can build and deploy an API without any knowledge of infrastructure controls. No checks by a DevOps team, a security team, or other Enterprise IT groups that traditionally could control the launch of new business applications. Absolute, total freedom! Plus, gone are the days in which APIs were limited to HTTP events. Any cloud resource is now a potential API trigger that adds highly beneficial flexibility to design cloud-native applications. ...