Showing posts from January, 2022

Locking It Down? Easy Tools to Help You Develop Secure Software

If you're like me, sometimes when you're working on bringing a great idea to life, security can be a bit of an afterthought. You have already thought about the big stuff like TLS and implementing the right authentication and authorisation system, but there can still be blind spots - for example, how your application is handling user data flow, or how it's exposing that data to the rest of your application's code. Luckily there are tools that can help you with secure development, and I'll show you some of the big ones out there.

1. SonarQube

SonarQube is a hosted automatic static analysis tool that detects bugs, vulnerabilities and code smells in your code. It works great with your existing workflow - for example, when you make a pull request, it can automatically check for code smells in your work and produce a quality report which can appear in the conversation over on GitHub (or whichever version control system you use). You're probably thinking "Wha

We Need To Talk About Technical Debt

And why product owners should also be developer advocates

Although I have had a short career in tech so far, the list of technical debt that I've come across is not. Even though I've only had a few odd solo jobs and internships before my current role, which is my first permanent one, there's been plenty of technical debt along the way. Generally software businesses follow fairly standard Agile practices - in my current role, we have a mixture of Scrum and Kanban teams - and each of these teams has the usual rituals like standup, planning, refinement and retro. In Agile, product owners are seen as the interface between executives/project sponsors and the developers. They communicate to the developers the business requirements of the product they're building, to make sure it's made as the customer needs; the developers in turn communicate progress and technicalities that might come up along the way, and the product owners then relay this to the project sponsors. When developers mention tec