The quicker you spot mistakes, the easier it is to fix them. This is the whole idea of “shift left”. When you are getting a call from your boss or the support team that “it doesn’t work”, you know that this will take a while to even identify where the problem is. Most non-developers have a hard time communicating issues to developers. And we should make sure that they don’t have to bother to learn this skill.

In this article, you’ll learn strategies to catch errors in different development phases. At the very end, I’ll also point out what others…

Bitcoin is based on the UTXO (unspent transaction output) model to ensure that nobody is able to spend money they don’t have and prevent money from being spent twice — so-called double-spending. In this article, you will learn how that works. Let’s go!

The Context

Bitcoin transactions are stored in blocks. Verifying the transactions is a crucial part of the security of Bitcoin. Another element of security is to make it computationally hard to add new blocks by adding a mathematical puzzle. In this article, you will learn how the transactions are actually validated.

If you want a longer introduction to Bitcoin…

Passwords are the keys to the locks that secure our accounts: Your email, bank and investment account, social media, company portals, and many more use password-based authentication. They all ask you to create a secure password and sometimes give you rules like this:

• Minimum of 8 characters
• At least one digit, lower case letter, upper case letter, special character
• No consecutive 3 digits

However, I have seen some non-developers struggle to find a good password. After reading this article, you should be able to come up with secure strong passwords that you can memorize.

Cross-Site Request Forgery (short: CSRF or XSRF) is an attack that makes the victim's browser execute a request to a website where the victim has interesting privileges. It’s sometimes pronounced “sea surf” or called “session riding”. A CSRF attack could make your browser transfer money from your bank to the attacker, buy something for the attacker in an online store, connect in a social network, like a product/Tweet/post, and many other things.

Let’s learn what CSRF is done and how it’s prevented!

Why you should care

Similar to SQL Injections, you can defend perfectly against CSRFs if you know that it is an issue…

Most companies I have seen deploy Docker images in at least one project or service. Docker is great because it makes stuff reproducible by specifying the environment to a big degree. However, you still have to think about security. Let’s have a closer look!

Host Security

All Docker containers run on a host system. The host needs to be secure AND the container needs to be secure.

There are various vulnerability scanning, auditing, and hardening tools for Linux systems:

• Lynis: Executesudo apt-get install lynis && sudo lynis audit system and wait for a couple of minutes and you get a pretty nice…

Encryption is about keeping a secret and being able to restore it. Hashing is about fingerprinting — you don’t need to restore the original, but you need to make sure it is identical. Encoding is about data representation to enable information exchange. Encoding does not involve keeping secrets.

This was my Twitter-length explanation. Let’s dive into details!

Encoding

Encoding is about data representation. For example, for icons on the web, we prefer not to store image files but have them directly on the web page. This prevents the client from creating many HTTP requests for little data.

But then the binary…

Serialization is the act of transforming objects from an internal representation to a stream of characters or bytes. The representation of the serialized object should be platform- and language-independent. Data is serialized and deserialized in applications to store or transport it. In web applications, JSON or XML is often used for data exchange by many APIs and protocols. File formats like PNG/GIF/JPEG/MPEG use XML to store metadata. YAML became extremely popular for configuration files, e.g. in Cloudformation templates or GitlabCI configuration files.

Some file formats allow you to do more than just (de)serializing basic data types. For example, imagine that…

A Merkle Tree is a data structure that is used in Peer-to-Peer Networks. It is a binary tree in which the value of an inner node is the hash of its leaf nodes. The root node of that tree is called “Merkle root” or “root hash”.

So much about the definition. To me, it’s always helpful to know the problem technology solves to really understand it.

BitTorrent

How do you send big amounts of data over a network which randomly introduces errors? When you just send a stream of data, you cannot guarantee the integrity.

The first improvement is to add…