APIs are increasingly becoming a primary attack vector in modern applications. According to Gartner, by 2025, more than 50% of data theft incidents will involve insecure APIs. In fact, a report highlighted a 400% surge in API attacks over the past year alone. For Python developers – whether you’re building REST APIs with Flask or FastAPI, or integrating with third-party endpoints – security testing is no longer optional.While functional testing ensures your API behaves as expected, it does not cover vulnerabilities like broken object-level authorization, insecure tokens, or excessive data exposure. This guide provides Python developers with practical, hands-on techniques…
Author: drweb
Linux configuration files are often plain text, which makes them easily editable using command-line tools. Among the most powerful of these are sed and awk. While beginners may rely on manual editing with vi or nano, experienced system administrators frequently turn to these tools for automated parsing and rewriting of configuration files. These tools allow you to match patterns, extract fields, and even make real-time changes to configuration files all from the command line or scripts. In this article, we will explore how to use sed and awk to read, parse, and rewrite config files effectively. We’ll walk through practical…
Cognition AI late Monday emerged as the likely owner of Windsurf, the hotly contested artificial intelligence (AI) coding startup that drew months-long interest from OpenAI before striking a licensing deal with Alphabet Inc.’s Google.Cognition said it has reached a definitive agreement to acquire Windsurf for an undisclosed sum, capping a whirlwind, stormy few days in which Windsurf was the prize in a corporate tug of war that saw its CEO, Varun Mohan, and others defect to Google as part of a $2.4 billion accord, and left OpenAI empty handed after it offered $3 billion to acquire Windsurf. Cognition said it…
As the ubiquitous rise of agentic AI services continues to surge, spread and scale, the need to provide teams with ancillary extensions and connections to Model Context Protocol (MCP) appears to now be equally obligatory. An equal consideration for both developer and operations counterparts inside modern DevOps team environments, the need to build, test, lock-down and subsequently manage, monitor and optimize application connections to agentic AI services is of paramount importance.Developed by Anthropic, MCP provides AI services with a way to access and interpret the appropriate context for any given system interaction. It does this by connecting AI models and…
At Docker, we always believe in the power of community and collaboration. It reminds me of what Robert Axelrod said in The Evolution of Cooperation: “The key to doing well lies not in overcoming others, but in eliciting their cooperation.” And what better place for Docker Model Runner to foster this cooperation than at Hugging Face, the well-known gathering place for the AI, ML, and data science community. We’re excited to share that developers can use Docker Model Runner as the local inference engine for running models and filtering for Model Runner supported models on Hugging Face! Of course, Docker…
By default, SSH already uses secure data communication between remote machines, but if you want to add an extra security layer to your SSH connections, you can add a Google Authenticator (two-factor authentication) module that allows you to enter a random one-time password (TOTP) verification code while connecting to SSH servers. You’ll have to enter the verification code from your smartphone or PC when you connect. The Google Authenticator is an open-source module that includes implementations of one-time passcodes (TOTP) verification tokens developed by Google. It supports several mobile platforms, as well as PAM (Pluggable Authentication Module). These one-time passcodes…
Text-based user interfaces (TUIs) have gained significant popularity in recent years. Even Rust has its own library called Ratatui after all. Python has several different TUI packages to choose from. One of those packages is called Asciimatics. While Asciimatics is not as full-featured and slick as Textual is, you can do quite a bit with Asciimatics. In fact, there is a special kind of charm to the old-school flavor of the TUIs that you can create using Asciimatics. In this tutorial, you will learn the basics of Asciimatics: Installation Creating a Hello World application Creating a form The purpose of…
Sudoers is the default sudo security policy plugin in Linux; however, experienced system administrators can specify a custom security policy as well as input and output logging plugins. It is driven by the /etc/sudoers file or, alternatively by LDAP. You can define sudoers options like the insults option or several others in the file /etc/sudoers. It is set under the Defaults entries section. Read through our last article, which explains 10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux. In this article, we will explain a sudoers configuration parameter to enable an individual or system administrator to set sudo command…
Full-stack observability platform company Coralogix has detailed the launch of its new Model Context Protocol Server technology. The product is designed to allow third-party AI agents to connect directly to Coralogix’s observability data services to provide a deeper view into the new fabric of agentic AI connections.Breaking down the observability viewfinder on offer here, Coralogix’s perspective purview covers logs, metrics and traces and extends to formalized security information and event management (SIEM) controls.Newly Barrelled RUMAdditionally, the company has a wide-angle view on real user monitoring (pleasingly shortened to RUM), which we can define as performance monitoring focused on actual user…
Perforce Software today added an artificial intelligence (AI) agent that autonomously adapts tests it has created as changes are made to mobile computing applications.Don Jackson, technical evangelist for Perforce, said via a natural language interface it’s now possible for DevOps teams to leverage an AI model that Perforce developed to generate tests using a Perfecto AI test automation platform that already eliminates the need to create test scripts.Based on a proprietary AI model developed by Perforce Software, that approach enables the AI agent to autonomously make adjustments in real time as changes to the user interface (UI) or user flows…