An introduction to caching principles

Audience

This article is aimed at developers with a reasonable understanding of how the internet functions, contemporary application architectures and AWS.

It will cover what caching is in a more general sense, the motivation behind using it, and then deep dive into specific implementations.

Argument

A cache stores previously used or computed data in a high-speed data store to make it more rapidly available than in the main storage layer. Generally we would use hardware such as RAM.

For example, we may have a preferred takeaway saved as a favourite on a delivery app. Rather than search…

What can Spring do to help me secure my application?

Audience

This article is aimed at developers with a solid understanding of the basics of Spring and web security. It marries up the two concepts, concluding with a worked example of using Spring Security with Spring Boot.

Argument

Spring Security is centred round two core concepts:

1. Authentication: Verifying you are who you say you are.
2. Authorisation: Once we know who you are, what are you allowed to do?

Authentication

Authentication is handled by the AuthenticationManager interface:

public interface AuthenticationManager {  Authentication authenticate(Authentication authentication)
    throws AuthenticationException;
}

This can be implemented differently depending on…

Give me a quick overview of identifying client browsers please!

In this article we will be referring exclusively to HTTP cookies, and so all references to ‘cookie’ will be within this context.

Audience

This article is aimed at developers with a minimal understanding of HTTP. It looks to clarify some basic questions surrounding cookies, sessions and JWT, finishing with a worked example using Express.js.

Argument

Within this article we will explore the definition of a cookie, what they contain and how they are related to sessions and JWT tokens. We will then work through these concepts using an example.

What is a cookie?

Cookies are simply…

What is CQRS, and why and how do we use it?

Audience

This article is aimed towards anyone with a basic understanding of application architectures. It requires some knowledge of how applications and data stores fit together, as well as a superficial knowledge of AWS.

It looks to address the following points:

• What is Command Query Responsibility Segregation (CQRS)?
• When and why do we use it?
• What is Event Sourcing, and why is it commonly used with CQRS?
• How might these ideas be implemented in an AWS environment?

All of these points will be covered in the context of adding a…

As an engineer, how can I practice my secure coding?

Audience

This article is aimed at developers who would like to improve their security skills. It assumes a basic knowledge of at least one programming language and a reasonable understanding of web applications.

Security is an important area of expertise for a developer. However, it is often difficult to know where to begin your learning. In this article we aim to cover a number of tools which can be used to start your journey.

Argument

We will cover two main resources for learning about security:

• Secure Code Warrior
• OWASP Juice Shop

We…

So, what have I missed?

Audience

This article is aimed at developers with a basic understanding of Java but who are looking to brush up on the changes from version 8 onwards. It isn’t intended as an in-depth guide, but more as a summary to remind you of the more exciting new features.

Argument

We will start with the changes to the Java release cycle, then move on to the key additions to each new version.

Changes to the Java release cycle

Previously Java would leave years between versions, finessing all of the features it hoped to introduce before doing a big bang release. Since Java 8, this…

I understand certificates, or at least I think I do…

Audience and Aim

This article is for developers who are currently using certificates and want to concrete their practical knowledge. We won’t dive deeply into details, but will give a pragmatic overview of the different areas required for their understanding.

Please note, this article does assume you have a basic understanding of public and private key infrastructure!

We aim to answer the below questions:

• What is a certificate for?
• How do I get a certificate?
• What is a certificate authority?
• What is in a certificate?
• How do I use a certificate?
• How does…

I’m a developer, I deploy to a VPC, but what’s going on in there…

Audience and Aim

This article is aimed at developers using AWS looking to understand how VPCs work. In many companies the complex infrastructure provisioning is separated from the development process. You may be deploying into a VPC, but not really know where your code is going.

Here we will explain at a very high level how a VPC functions. We will assume a small amount of networking knowledge, but the idea is to make the explanation as clear and practical as possible.

Argument