Using Snyk, NSP and Retire.JS to Identify and Fix Vulnerable Dependencies in your Node.js Applications

Introduction

Dependency management isn’t anything new; however, it has become more of an issue in recent times due to the popularity of frameworks and languages that have large numbers of third-party plugins and modules. With Node.js, keeping dependencies secure is an ongoing and time-consuming task because the majority of Node.js projects rely on publicly available modules or libraries to add functionality. Instead of writing the code themselves, developers end up adding a large number of libraries to their applications. The major benefit of this is the speed at which development can take place. However, with great benefits can also come great pitfalls, and this is especially true when it comes to security. As a result of these risks, the Open Web Application Security Project (OWASP) currently ranks “Using Components with Known Vulnerabilities” in the top ten most critical web application vulnerabilities in its latest report.



Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Improving User Experience using The Cloud

In part one of this series of blog posts, we discussed the importance of the user experience within the mobile industry, and how your API has a significant role in this. We followed up with part two, which demonstrates how to make API responses smaller and therefore use less network and fewer battery resources for mobile consumers.


Mobile Apps Load Testing

Mobile App development does not stop when you build your app and have a binary ready to be installed on the device. Regardless of how good your code is or how much unit and regression testing you performed, there are elements that need to be tested under different circumstances, for example, data traffic, the number of users, location, and high latency in the mobile network.


Release of v3.15 of the Red Hat Mobile Application Platform

Red Hat Mobile Application Platform (RHMAP) lets teams extend their development capabilities to mobile by developing collaboratively, centralizing control of security and using back-end integration with a range of cloud deployments.

We have just completed the deployment of the RHMAP v3.15 to all our actively updated grids.

Please pay particular attention to notes on deprecations and upcoming removals.

Full release notes including a list of known issues, customer-facing bug-fixes and changes are available on the Customer Portal here.


Manage your Mongo Databases in RHMAP with Mongo Express

Red Hat Mobile Application Platform (RHMAP) supports an agile approach to developing, integrating, and deploying enterprise mobile applications. Most likely, your mobile apps will include one or more cloud apps that require persistence support such as a Mongo database. But managing databases is not always easy, as command-line support for these databases is complex and not always available.

To ease this pain, Mongo Express can be used as a database GUI. For the Mongo databases in your cloud apps, it is a powerful and intuitive tool that can be used in conjunction with, or as a substitute for, the default database browser. The main benefits of using “Mongo Express” instead of “Data Browser” are:

  • Can run complex queries
  • In-depth stats for every view
  • Supports BSON types such as TimeStamp() or DBRef()

IMPORTANT: there are some implications when using Mongo Express as a database manager:

  • Mongo Express can only manage the databases in one Cloud App and environment at a time
  • There is no authentication by default when using Mongo Express as explained in this article, so take into account the security issues that may arise from this [1]
  • Users running the platform on the RHMAP should upgrade their databases if they have not been upgraded before

[1] Check the Annex ‘how to add authentication’ to overcome this issue


What is mobile security? What is the mobile security ecosystem?

I was recently introduced to a published draft by the National Institute of Standards and Technology (NIST) from the U.S. Department of Commerce which talks about assessing the threats to mobile devices & infrastructure. The document discusses the Mobile Threat Catalogue, which describes, identifies and structures the threats posed to mobile information systems. This blog summarizes the 50-page document with added context and commentary based on my experience in the mobile industry helping organizations build mobile apps.


A step-by-step tutorial for continuous integration with Jenkins for a Red Hat Mobile Native iOS application

This post was originally published on redhat.com.

Part 1: Adding Unit Tests to Native iOS Red Hat Mobile Application Platform Application

A robust and agile mobile application development environment requires continuous integration and delivery. It also requires an integrated and automated unit testing process that helps bring applications to market successfully. This two-part series details my work done at the Red Hat Open Innovation Labs and as a Mobile Technical Account Manager to capture these mobile innovations in a useful, repeatable way. In part one of this two-part series, I break down the steps to create and unit test a native iOS application using Red Hat Mobile Application Platform. In part two, I’ll show how Jenkins can be used to automate continuous integration and unit testing of that Mobile app. If you would like to try out our Red Hat Mobile Application Platform product please visit our Red Hat Mobile Application Platform site.


Improving user experience for mobile APIs using the cloud

For your end users, one of the most important aspects of your API is the perceived response time — if your mobile application takes an excessive amount of time to load data, users will get frustrated.  

In this series of blog posts, we’ll cover three ways to approach building a RESTful API that leads to better user experience by minimizing perceived response time. These strategies include: processing requests quickly, reducing payload sizes, and eliminating requests entirely, or only downloading data that has changed. And, we’ll show you how to do each by providing sample node.js code that can be deployed ‘as is’ on Red Hat Mobile Application Platform to build a better mobile API.  

But, before getting into each strategy, why are these important? The user interface (UI) and user experience (UX) are extremely important to the success of mobile applications.


Release of v3.14 of the Red Hat Mobile Application Platform

We have just begun the deployment of the Red Hat Mobile Application Platform v3.14 to all our actively updated grids. This will be complete by Oct 21st.

Please pay particular attention to the notes below on Node.js 0.10.x, Cordova Light and CocoaPods 1.x.
