The latest articles on DEV Community by Dustin Byrne (@dustinbyrne). https://dev.to/dustinbyrne https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F500281%2F05e27af6-a2a3-4924-b5f6-7d6e2d4e85fb.png https://dev.to/dustinbyrne en Dustin Byrne Wed, 27 Jan 2021 22:41:30 +0000 https://dev.to/appmap/survey-state-of-application-architecture-quality-56dk https://dev.to/appmap/survey-state-of-application-architecture-quality-56dk <p>We, at AppLand, are excited to be conducting a market survey for product and software architecture quality.</p> <p>This 10-minute survey is designed to learn more about both software structural quality and developer efficiency initiatives in software development organizations. “Software structural quality” refers to how well the code meets requirements other than functionality, such as robustness, security, performance and maintainability.</p> <p>Why should you take it? As with surveys of this type, we will be making the results of this survey public and if we hit our goal of 300+ responses, we will be donating $1,000 to the Girls Who Code organization. By taking a few minutes of your time you will have access to the results and help a good cause.</p> <p>You can find the survey here:<br> <a href="https://www.surveymonkey.com/r/archsurveygeneral">https://www.surveymonkey.com/r/archsurveygeneral</a></p> codequality programming Dustin Byrne Tue, 27 Oct 2020 19:45:03 +0000 https://dev.to/dustinbyrne/uncovering-critical-data-access-using-appmaps-3fn3 https://dev.to/dustinbyrne/uncovering-critical-data-access-using-appmaps-3fn3 <p>As part of a recent hackathon project, I pulled together some data insights from <a href="https://appland.org">AppMap data</a>.</p> <p>For those unfamiliar, the AppMap framework is a suite of tools that allows developers to record runtime data from their applications. An AppMap client, essentially an agent, is responsible for capturing this data from a live application. It emits a file containing the recorded execution flow, data snapshots, high level process I/O (think HTTP, SQL queries, etc.) and some application metadata. I figured it would be an interesting experiment to identify different types of data accessed and label their usage.</p> <p>Here's what I came up with in two days: <a href="https://appmap-data-inspector.netlify.app/?url=https%3A%2F%2Fapp.land%2Fapi%2Fscenarios%2Ffbc57147-b947-4423-bd60-ef0d3369726d">The AppMap data inspector</a>. The demo link contains some example data so there's no need to come up with your own.</p> <p>This proof of concept makes some attempt at identifying the following:</p> <ul> <li>Sensitive values such as passwords, auth tokens</li> <li>Encrypted values such as password hashes</li> <li>Unencrypted values which <em>should be</em> encrypted</li> <li>Data persisted within a database</li> <li>Data provided by a user, such as an HTTP request parameter</li> <li>Personally identifiable information: SSNs, emails, IP addresses (this may not count as PII, but I left it in for the proof of concept)</li> <li>Data logged to <code>stdout</code> </li> </ul> <p>A single object can have multiple labels. PII in your application logs? Uh oh! Sensitive data persisting in your database unencrypted? Whoops! References to unencrypted passwords all over the place? Might be a code smell... </p> <p>I see a ton of potential improvements for this project, but I'm inclined to let it live on as a proof of concept for now. </p> <p>If you have some ideas of your own, I'd love to hear them in the comments below!</p> <p>Thanks for reading!</p> rails java security showdev