{"componentChunkName":"component---src-templates-blog-list-template-js","path":"/101","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"excerpt":"Whenever we talk about asynchronous programming in JavaScript, there is sometimes confusion in how it can be asynchronous if it is single…","fields":{"slug":"/engineering/concurrency-vs-parallelism/"},"html":"

Whenever we talk about asynchronous programming in JavaScript, there is sometimes confusion in how it can be asynchronous if it is single-threaded. To answer this correctly, I think it's a good thing first to understand the difference between concurrency and parallelism, two terms that are commonly brought up with multithreading.

\n

Concurrency

\n

Concurrency describes independent parts of a program to run in an arbitrary order without affecting the outcome. A concurrent application can execute multiple tasks over an overlapping period. This means that while we can start new tasks before the previous one is complete, we cannot perform work on each task simultaneously.

\n

\"concurrent-diagram\"

\n

You can think of a concurrent execution model as a single chef preparing a meal. Any chef worth their salt can work on multiple dishes (or various parts of a dish) at once. They might chop the vegetables for their stir-fry while the rice is steamed in the rice cooker or leave the vegetables to fry in the pan while cleaning up their workspace. In this scenario, the chef can perform multiple tasks at once; however, at any given time, he is only able to work on a particular unit of work at a given time.

\n

You might point out that the chef can perform other actions in this example scenario while something like the rice is steaming, which is technically work still being done. However, the concurrency in this scenario only applies to the chef's context, who is not actively working on the rice as it is being steamed.

\n

Similarly, the JavaScript Event Loop allows your scripts (the chef) to hand off tasks like HTTP requests and timeouts to the browser Web API (rice cooker), allowing the script to execute other code portions while waiting for a response. Once the Web API task is complete, it is pushed back into the Event Loop call stack. While the Web API acts as a separate thread where it can complete certain tasks outside the main thread's scope, your actual JavaScript code is still executed on a single thread concurrently.

\n

Parallelism

\n

Parallelism describes the ability for independent parts of a program to be physically executed at the same time. A parallel application can distribute its tasks to independent processors (such as different cores or threads of a CPU) to be executed simultaneously.

\n

\"parallel-diagram\"

\n

You can think of a parallel execution model as multiple chefs individually each preparing a meal. These individual chefs may be preparing their dishes in a concurrent manner (like the above) or a sequential one; either way, the result is that rather than producing a single meal, the kitchen has prepared multiple meals over a unit of time.

\n

Modern browsers allow you to program parallelly by using Web Workers. These spawn separate threads to execute JavaScript independently from the main thread.

\n

Concurrency or Parallelism which one is better?

\n

So we've established that multiple chefs can get a kitchen to produce multiple dishes in the same amount of time as a single dish from a kitchen with a single chef. Modern hardware almost always has multiple threads, so why isn't all code run in parallel? If it takes one chef 10 minutes to prepare one stir-fry and five chefs 10 minutes to prepare five stir-fries, can five chefs produce one stir-fry in 2 minutes? This is where parallel computation can get difficult.

\n

Tasks can speed up by distributing the workload onto multiple threads. However, this requires splitting up the workload in a way that can work independently and effectively. Think of how five chefs would prepare a single stir fry together:

\n\n

Similarly, on the computing side, parallel programming solutions are generally harder to implement and debug. Depending on the task, they can sometimes even perform worse than serially run counterparts due to the various costs of overhead (transferring data between threads, creating and destroying threads, synchronization of work, etc.).

\n

Conclusion

\n

To conclude this post, neither are inherently superior to the other. Both execution models are useful tools for producing efficient and reliable solutions and are used together in many cases. I hope this helps to clear up the differences between the two, or if not, at least provided a mildly entertaining analogy to illustrate each.

\n","frontmatter":{"date":"February 19, 2021","updated_date":null,"description":"Concurrence and parallelism in relation to multithreaded applications are two concepts sometimes used. The distinction between concurrency and parallelism is clarified in this tutorial.","title":"Concurrency vs Parallelism: What's the Difference?","tags":["Concurrency","Parallelism","Multithreading","JavaScript"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/c1592330a691b94decfefeb2601f55b9/58556/unsplash.webp","srcSet":"/static/c1592330a691b94decfefeb2601f55b9/61e93/unsplash.webp 200w,\n/static/c1592330a691b94decfefeb2601f55b9/1f5c5/unsplash.webp 400w,\n/static/c1592330a691b94decfefeb2601f55b9/58556/unsplash.webp 800w,\n/static/c1592330a691b94decfefeb2601f55b9/99238/unsplash.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Nick Chim","github":"nickc95","avatar":null}}}},{"node":{"excerpt":"Today, data breaches have become a significant threat to businesses across the globe. Therefore, considering the long list of resultant…","fields":{"slug":"/identity/best-practices-business-resilience/"},"html":"

Today, data breaches have become a significant threat to businesses across the globe. Therefore, considering the long list of resultant consequences to be faced as an aftermath, it is crucial for companies to come out the other side of a breach intact.

\n

The Annual Cybercrime Report 2019 by Cybersecurity Ventures says that these data breaches can cost global businesses around $6 trillion in 2021!

\n

According to experts, implementing business resilience best practices can help companies overcome issues that come with a data breach.

\n

So, what is business resiliency? Why is it important for companies? How to implement business resiliency practices during a data breach?

\n

Read on!

\n

What are the Business Impacts of a Data Breach

\n

During a data breach, companies’ confidential data are accessed by attackers without permission. It is not only about sensitive information going out to the wrong hands. These cyber attackers can also hack your database and conduct malicious activities, costing you both money and reputation.

\n

As per Cost of a Data Breach Report 2020 by IBM, the global average total cost of a data breach in 2020 was $3.86M. If this situation continues, by 2021, a business is expected to fall victim to a ransomware attack every 11 seconds.

\n

Now let’s consider some of the negative impacts of data breaches that make companies susceptible to financial and credibility loss.

\n\n

That’s why today, businesses are more focused on building a better security culture. According to Gartner forecasts, global spending on cybersecurity is expected to reach $133.7 billion by 2022.

\n

But, how effectively companies can deal with data breaches, especially in a hyper-connected world?

\n

To handle a data breach incident and the resulting loss of revenue and trust, every company should have an incident response plan with effective threat modeling. That’s where the idea of business reliance comes into the picture.

\n

What is Business Resiliency

\n

Business resilience can be defined as a business’ ability to quickly adapt and respond to impending risks or disruptions. More like a combination of crisis management and business continuity strategies post-disaster.

\n

Why is Business Resiliency Important for an Organization

\n

Business resilience has become an essential part of the business. Why? Because it saves businesses with its potential for higher recovery.

\n

Consider the unforeseen disasters, shifting market demands, and changing regulatory terms in today’s business world. In addition to these, there will be IT disruptions, sudden competitive movements, security threats like data breaches, etc. too. In order to survive all these unpredictable disruptions, businesses should achieve resilience at all means.

\n

For example, take a look at how businesses worldwide were affected by the COVID-19 pandemic. Only those organizations with agile business resilience planning were able to adapt and survive the COVID-19 challenges successfully. By adapting quickly to shifting business priorities, they are ready for the ‘new normal’ in the business battlefield.

\n

On the other side, business resilience best practices will assure that all your business activities comply with the latest industry standards and regulations. This will, in turn, improve your reliability, brand value, and reputation, especially in front of your stakeholders and customers. The resilience plans will also act as a blueprint of all your operations, giving you a head start.

\n

This can even cultivate a resilient organizational culture. It makes the whole business, including employees, quickly adapt to unforeseen challenges whenever the business operations or processes go awry. Or under threat like a data breach.

\n

\"protecting-pii-against-data-breaches\"

\n

5 Best Practices of Implementing Business Resiliency during a Data Breach

\n

So, to overcome the after-effects of a data breach in your business, it is important to implement a business resiliency.

\n

How? We are going to see the best practices of implementing business resilience under a data breach occurrence:

\n

1. Design a strong business resilience plan

\n

Develop a reliable, self-healing, resilience easy to manage architecture. It should be designed in such a way that the business can access all its components during a data breach.

\n

A native high-availability clustering is needed. Because no matter how well you have come up with a crisis management and continuity plan, it will be of no use if it’s not available on demand.

\n

So, it should be able to deploy quickly, with high scalability and flexibility.

\n

2. Virtual Desktop Infrastructure (VDI)

\n

Business resilience usually includes detailed planning and solutions to be implemented whenever an unexpected situation occurs, like a data breach. For this, companies use data centers, backups, and server virtualization. An example of this is the VDI.

\n

VDI makes sure that all the data is stored and accessed in the data center, not on the user’s device. This will eliminate the chances of data being leaked in case the device is stolen.

\n

3. Ransomware protection

\n

According to Purplesec 85% of security service providers, ransomware is one of the most common threats for small businesses.

\n

So, for ransomware protection and recovery as a part of business resilience during a data breach, you can make use of the following practices:

\n\n

4. Personnel, training, and expertise

\n

In the event of a data breach, the employees must have the required expertise for successfully executing the business resilience plans on time.

\n

To achieve this, there is a need for cross-training sections to be conducted. Some companies often choose to outsource all their IT operations to third-party service providers or consultants.

\n

But it is also important to have a good plan for survival, in case experts and trained personnel too are affected by the data breach disaster.

\n

5. Creating a Disaster Recovery (DR) plan

\n

During data breaches, businesses should come up with a plan to put the affected critical business systems back online as quickly as possible. This is important to avoid further damages.

\n

One of the best practices is to launch a secondary site as a stand-in for the primary data center.

\n

This Disaster Recovery (DR) site should have the following attributes:

\n\n

When a DR site is launched, the networking connectivity must be restored with the aid of IP address redirects or gateways. This way, the users can reconnect without changing their default settings. And it will be easier in the future to redirect them back to the primary data center when it is recovered.

\n

Conclusion

\n

A standard business resilience plan in the need of the hour. A recent study shows that the number of data breaches in 2020 almost doubled compared to that in 2019. The average total cost of data breaches in 2020 was $3.86 million. And it is expected to increase in the coming future too.

\n

So, it is important to implement fail-proof business resilience practices in your business to survive unexpected data breaches.

\n

\"LoginRadius

\n","frontmatter":{"date":"February 18, 2021","updated_date":null,"description":"Business resilience can be defined as a business’ ability to quickly adapt and respond to impending risks or disruptions. More like a combination of crisis management and business continuity strategies post-disaster.","title":"5 Best Practices of Implementing Business Resilience during a Data Breach","tags":["data security","resiliency","cx"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.6666666666666667,"src":"/static/6de8a6789dd41cd47df325d36d36fe65/58556/business-resilience.webp","srcSet":"/static/6de8a6789dd41cd47df325d36d36fe65/61e93/business-resilience.webp 200w,\n/static/6de8a6789dd41cd47df325d36d36fe65/1f5c5/business-resilience.webp 400w,\n/static/6de8a6789dd41cd47df325d36d36fe65/58556/business-resilience.webp 800w,\n/static/6de8a6789dd41cd47df325d36d36fe65/cc834/business-resilience.webp 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},{"node":{"excerpt":"Git is an important part of daily programming and is commonly used in the software industry. Since you can use a lot of different commands…","fields":{"slug":"/engineering/git-commands/"},"html":"

Git is an important part of daily programming and is commonly used in the software industry. Since you can use a lot of different commands, mastering Git needs time. But some commands are more commonly used. So I'm going to share the most useful Git commands in this post that every developer should know.

\n

But first you need to know the fundamentals of Git to understand this article.

\n

Useful Git Commands List

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CommandDescription
git initInitialize a local Git repository
git clone repo_urlClone public repository
git clone ssh://git@github.com/[username]/[repository-name].gitClone private repository
git statusCheck status
git add [file-name]Add a file to the staging area
git add -AAdd all new and changed files to the staging area
git commit -m \"[commit message]\"Commit changes
git rm -r [file-name.txt]Remove a file (or folder)
git branchList of branches (the asterisk denotes the current branch)
git branch -aList all branches (local and remote)
git branch [branch name]Create a new branch
git branch -d [branch name]Delete a branch
git branch -D [branch name]Delete a branch forcefully
git push origin --delete [branch name]Delete a remote branch
git checkout -b [branch name]Create a new branch and switch to it
git checkout -b [branch name] origin/[branch name]Clone a remote branch and switch to it
git branch -m [old branch name] [new branch name]Rename a local branch
git checkout [branch name]Switch to a branch
git checkout -Switch to the branch last checked out
git checkout -- [file-name.txt]Discard changes to a file
git merge [branch name]Merge a branch into the active branch
git merge [source branch] [target branch]Merge a branch into a target branch
git stashStash changes in a dirty working directory
git stash clearRemove all stashed entries
git push origin [branch name]Push a branch to your remote repository
git push -u origin [branch name]Push changes to remote repository (and remember the branch)
git pushPush changes to remote repository (remembered branch)
git push origin --delete [branch name]Delete a remote branch
git pullUpdate local repository to the newest commit
git pull origin [branch name]Pull changes from remote repository
git remote add origin ssh://git@github.com/[username]/[repository-name].gitAdd a remote repository
git remote set-url origin ssh://git@github.com/[username]/[repository-name].gitSet a repository's origin branch to SSH
git logView changes
git log --summaryView changes (detailed)
git log --onelineView changes (briefly)
git diff [source branch] [target branch]Preview changes before merging
git revert commitidRevert commit changes
git config --global user.name \"your_username\"Set globally Username
git config --global user.email \"your_email_address@example.com\"Set globally Email id
git config --global --listGet global config
\n

So these are the most helpful git commands I find in my everyday programming. There are several more things to learn about Git, I will explain them in a separate post.

\n","frontmatter":{"date":"February 17, 2021","updated_date":null,"description":"In this article, I will talk about the Git Commands that you will be using often when you are working with Git.","title":"35+ Git Commands List Every Programmer Should Know","tags":["GIT"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/809159647d5b83fd76f6bc5ef35bab91/58556/git.webp","srcSet":"/static/809159647d5b83fd76f6bc5ef35bab91/61e93/git.webp 200w,\n/static/809159647d5b83fd76f6bc5ef35bab91/1f5c5/git.webp 400w,\n/static/809159647d5b83fd76f6bc5ef35bab91/58556/git.webp 800w,\n/static/809159647d5b83fd76f6bc5ef35bab91/99238/git.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Abhimanyu Singh Rathore","github":"abhir9","avatar":null}}}},{"node":{"excerpt":"Introduction No matter what online platforms or applications you use, you are never fully protected against cyberattacks. Statistics provide…","fields":{"slug":"/identity/what-is-broken-authentication/"},"html":"

Introduction

\n

No matter what online platforms or applications you use, you are never fully protected against cyberattacks.

\n

Statistics provide testimony to this fact as the number of data breaches rose by 37% in 2020 compared to 2019, and the trend is only increasing.

\n

The first step to protect your organization against such attacks is to have a comprehensive understanding of the issue.

\n

Let us begin by figuring out what is broken authentication.

\n

Very simply put, when the hacker gains access into the system admin's account by using the online platform's vulnerabilities, particularly in two areas: credential management and session management, it's referred to as broken authentication.

\n

Authentication protects a consumer's identity by allowing only a verified user to enter into the system. But there are numerous ways through which the hacker impersonates the consumer and enters inside the system.

\n

The weaknesses inherent in the system, as mentioned above, can be divided into two different groups, namely poor credential management and poor session management.

\n

What is Broken Authentication and Session Management?

\n

Broken Authentication and Session Management is a security vulnerability that occurs when the authentication and session management mechanisms of a web application are flawed or improperly implemented.

\n

Authentication refers to the process of verifying the identity of users, typically through usernames and passwords, while session management involves maintaining and controlling the user's session after authentication.

\n

When these mechanisms are compromised or misconfigured, attackers can exploit the vulnerabilities to gain unauthorized access to user accounts, impersonate other users, or hijack sessions. This can lead to severe security breaches and expose sensitive user information.

\n

What are the Risks of Broken Authentication?

\n

The risks associated with broken authentication are profound and can have detrimental effects on individuals and organizations:

\n

Unauthorized Access to Sensitive Information

\n

When attackers exploit broken authentication vulnerabilities, they can gain access to sensitive data such as personal information, financial details, or intellectual property. This unauthorized access can lead to data breaches and privacy violations.

\n

Manipulation or Deletion of User Data

\n

Once inside the system, attackers can manipulate or delete user data, causing disruptions to services, loss of important information, and potential legal ramifications.

\n

Impersonation of Legitimate Users

\n

By hijacking user sessions or impersonating legitimate users, attackers can carry out fraudulent activities on behalf of the compromised accounts. This could include fraudulent transactions, spreading misinformation, or performing actions that tarnish the reputation of the affected individuals or organizations.

\n

Escalation of Privileges

\n

If the compromised account belongs to an administrator or privileged user, attackers can escalate their privileges within the application. This can lead to complete system compromise and greater control over critical functions.

\n\n

The aftermath of a broken authentication attack can result in financial losses for businesses, especially if customer trust is compromised. Moreover, organizations may face legal consequences for failing to protect user data adequately.

\n

How to Prevent Broken Authentication?

\n

Preventing broken authentication requires a multifaceted approach that addresses vulnerabilities at various stages of the authentication and session management processes. Here are some effective strategies:

\n

1. Implement Multi-Factor Authentication (MFA)

\n\n

2. Enforce Strong Password Policies

\n\n

3. Limit Failed Login Attempts

\n\n

4. Secure Session Management

\n\n

5. Secure Credential Management

\n\n

6. Regular Security Audits and Updates

\n\n

What are Some Examples of Broken Authentication Vulnerability?

\n

There are several examples of broken authentication vulnerability that highlight the potential risks. One common example is weak or easily guessable passwords, such as \"123456\" or \"password,\" which can be exploited by attackers.

\n

Another example is the lack of proper session expiration, where user sessions remain active even after a user logs out, allowing an attacker to reuse the session and gain unauthorized access.

\n

Additionally, if an application does not implement measures to prevent brute-force attacks, attackers can repeatedly guess usernames and passwords until they find a valid combination. Inadequate protection against account lockouts, session hijacking, or session fixation are also examples of broken authentication vulnerabilities.

\n

What Scenarios Can Cause Broken Authentication?

\n

As mentioned earlier, the primary reasons for broken authentication. Let’s understand them one by one.

\n

1. Poor credential management

\n

Consumer credentials can be hijacked to gain access to the system. There are various ways that the hacker can steal critical information, such as the following:

\n\n

2. Poor session management

\n

Let’s assume you like playing online games. You log in to the application and make several interactions with the network.

\n

The application issues a session ID whenever you log in and records all your interactions. It is through this ID that the application communicates with you and responds to all your requests.

\n

The OWASP broken authentication recommendations state that this session ID is equivalent to your original login credentials. If hackers steal your session ID, they can sign in by impersonating your identity. This is known as session hijacking.

\n

The following points list the scenarios that can cause broken authentication.

\n\n

What is the Impact of Broken Authentication and Session Management?

\n

If a hacker successfully logs in by stealing your credentials using any of the above mentioned broken authentication techniques, they can misuse your privileges and impact your company's sustainability.

\n

Cybercriminals can have various intentions of hijacking your web application, such as:

\n\n

In short, hackers can use broken authentication attacks and session hijacking to gain access to the system by forging session data, such as cookies, and stealing login credentials.

\n

Thus, it would be best if you never compromised with your web applications' security.

\n

A Few Examples of Broken Authentication

\n

Here are a few examples of broken authentication.

\n

Example 1: Credential Stuffing

\n

Suppose you run a departmental store and sell groceries. To grow your business rapidly, you implement a CRM system that stores critical customer data, such as name, phone number, username, and password.

\n

Hackers make their way inside the CRM system and steal all the data. They then use the same credentials — usernames and passwords — to hack into the central bank's database.

\n

In this case, hackers are trying to successfully log in to the central bank's database by hoping that a handful of consumers must be using the same credentials at both places. Such kinds of broken authentication attacks are called credential stuffing.

\n

Example 2: Application session timeouts aren't set properly.

\n

Suppose you go to a cyber cafe and login your Gmail account. After sending the email, you close the browser tab and return home.

\n

Sometime later, the hacker opens your Gmail account and gains access to your crucial information. It happens because your credentials — username and password — haven't been invalidated adequately during logout.

\n

Thus, if the application session timeouts aren't set properly, hackers can execute a broken authentication attack.

\n

\"buyer-guide-to-multi-factor-authentication-ebook\"

\n

Example 3: Passwords are not properly hashed and salted.

\n

Look at the names and their hashes in the following table:

\n\n \n \n \n \n \n \n \n \n \n \n \n \n
Alice\n 4420d1918bbcf7686defdf9560bb5087d20076de5f77b7cb4c3b40bf46ec428b\n
Bob\n 4420d1918bbcf7686defdf9560bb5087d20076de5f77b7cb4c3b40bf46ec428b\n
Mike\n 77b177de23f81d37b5b4495046b227befa4546db63cfe6fe541fc4c3cd216eb9\n
\n

The hash function stores passwords in the form of a hash instead of plain text, which humans can easily read. But if two different users enter the same password, then their hashes will be exactly the same.

\n

Hackers can perform a dictionary attack and if they crack one password, they can use the same password for gaining access to other accounts that use the same hash.

\n

To prevent this from happening, you must salt the passwords. A salt is a random value that is either appended or prepended to the password and makes it unique. So even if two different users use the same password, their hashes will not be the same.

\n

How to Prevent Broken Authentication?

\n

The following are the ways of preventing broken authentication attacks:

\n
    \n
  1. Implement multi-factor authentication (MFA) to verify the consumer's identity. Examples include One-Time Password (OTP) messaged or emailed to the user. This step will prevent brute force attacks, credential stuffing, and stolen credential reuse attacks.
    2. \n
  2. Use weak-password checks by forcing users to include a mix of small letters, capital letters, alphanumeric symbols, and special characters while creating passwords. It would be best to follow NIST 800-63 B's guidelines in section 5.1.1 for memorized secrets.
    3. \n
  3. Place a limit on failed login attempts to 3 or a maximum of 5. Alert the system admin if you detect an attack — brute force, credential stuffing, or any other attack.
    4. \n
  4. Ensure that credential recovery, registration, and API pathways are not vulnerable to account enumeration attacks by using the same message for each outcome.
    5. \n
  5. Generating new random session IDs with high entropy after login protects against hackers. Remember, those session IDs should not be present in the URL and invalidated after logout.
    6. \n
\n

Impact of Broken Authentication

\n

The impact of broken authentication can be severe and far-reaching. When attackers successfully exploit these vulnerabilities, they can gain unauthorized access to user accounts, leading to various consequences.

\n

This may include unauthorized access to sensitive information, such as personal data, financial details, or intellectual property. Attackers can also manipulate or delete user data, impersonate legitimate users, perform fraudulent transactions, or even escalate their privileges within the application.

\n

Furthermore, if the compromised account belongs to an administrator or privileged user, the impact can be even more significant, potentially compromising the entire system or network. Broken authentication vulnerabilities can tarnish an organization's reputation, result in financial losses, and expose users to identity theft and other cybercrimes.

\n

How LoginRadius Protects Against Broken Authentication?

\n

LoginRadius has been at the forefront of offering a multilevel security web app environment. Here is how LoginRadius applications protect against broken authentication:

\n\n

Conclusion

\n

Apart from the steps mentioned in this article, it's essential to train and educate your employees about broken authentication attacks. It would be best if you also employed top-notch cybersecurity measures to protect your company's database from session hijacking, credential stuffing, and other broken authentication attacks.

\n

FAQs

\n

1. What are the solutions for broken authentication?

\n

Solutions include implementing Multi-Factor Authentication (MFA), enforcing strong password policies, limiting failed login attempts, securing session management, and regular security audits.

\n

2. What is broken access authentication?

\n

Broken access authentication refers to vulnerabilities in the authentication process that allow unauthorized access to user accounts, often due to flawed or improperly implemented authentication mechanisms.

\n

3. What can prevent authentication failures?

\n

Preventative measures include MFA implementation, enforcing strong password policies, limiting failed login attempts, securing session management, and using secure hashing algorithms.

\n

4. What is a broken authentication guessable password?

\n

It refers to weak or easily guessed passwords like \"123456\" or \"password,\" which are vulnerable to exploitation by attackers, leading to compromised accounts.

\n

5. What are the risks of broken authentication?

\n

Risks include unauthorized access to sensitive data, manipulation or deletion of user data, impersonation of legitimate users, escalation of privileges, financial losses, and legal consequences.

\n

6. What are the effects of broken authentication attacks?

\n

Effects include data breaches, privacy violations, fraudulent activities on compromised accounts, tarnished reputation for individuals or organizations, financial losses, and potential legal ramifications.

\n

\"LoginRadius

\n","frontmatter":{"date":"February 17, 2021","updated_date":null,"description":"If a hacker successfully logs with stolen credentials, they can misuse your privileges and impact your company's sustainability. Authentication protects a consumer's identity by allowing only a verified user to enter into the system. But there are numerous ways through which a hacker can impersonate consumers and enter inside the system.","title":"What is Broken Authentication Vulnerability and How to Prevent It?","tags":["broken authentication","mfa","data security"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/8fb0491d4b2d2c88a9837287c83195f7/7f8e9/broken-auth.webp","srcSet":"/static/8fb0491d4b2d2c88a9837287c83195f7/61e93/broken-auth.webp 200w,\n/static/8fb0491d4b2d2c88a9837287c83195f7/1f5c5/broken-auth.webp 400w,\n/static/8fb0491d4b2d2c88a9837287c83195f7/7f8e9/broken-auth.webp 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},{"node":{"excerpt":"One of the leading NoSQL databases, MongoDB is well known for its fast performance, versatile schema, scalability and great capabilities for…","fields":{"slug":"/engineering/full-text-search-in-mongodb/"},"html":"

One of the leading NoSQL databases, MongoDB is well known for its fast performance, versatile schema, scalability and great capabilities for indexing. Let us look at some context before we get into some details. Full-text search is an essential feature when we talk about finding content on the internet. A google search is the best example for this when we see the content using the phrases or keywords. In this article, we will learn about full-text search capabilities in MongoDB based on text index.

\n

Create a Sample Database

\n

Before we begin, we will create a sample database that will be used during the tutorial.

\n

We will create a database with the name myDB and create a collection with the name books. For this, the statement would be as follows.

\n
> use myDB\n> db.createCollection("books")\n>
\n

Let's insert some documents by using the following statement.

\n
> db.books.insert([\n\t{\n      "title": "Eloquent JavaScript, Second Edition",\n      "subtitle": "A Modern Introduction to Programming",\n      "author": "Marijn Haverbeke",\n      "publisher": "No Starch Press",\n      "description": "JavaScript lies at the heart of almost every modern web application, from social apps to the newest browser-based games. Though simple for beginners to pick up and play with, JavaScript is a flexible, complex language that you can use to build full-scale applications."\n    },\n    {\n      "title": "Learning JavaScript Design Patterns",\n      "subtitle": "A JavaScript and jQuery Developer's Guide",\n      "author": "Addy Osmani",\n      "publisher": "O'Reilly Media",\n      "description": "With Learning JavaScript Design Patterns, you'll learn how to write beautiful, structured, and maintainable JavaScript by applying classical and modern design patterns to the language. If you want to keep your code efficient, more manageable, and up-to-date with the latest best practices, this book is for you."\n    },\n    {\n      "title": "Speaking JavaScript",\n      "subtitle": "An In-Depth Guide for Programmers",\n      "author": "Axel Rauschmayer",\n      "publisher": "O'Reilly Media",\n      "description": "Like it or not, JavaScript is everywhere these days, from browser to server to mobile and now you, too, need to learn the language or dive deeper than you have. This concise book guides you into and through JavaScript, written by a veteran programmer who once found himself in the same position."\n    },\n    {\n      "title": "Programming JavaScript Applications",\n      "subtitle": "Robust Web Architecture with Node, HTML5, and Modern JS Libraries",\n      "author": "Eric Elliott",\n      "publisher": "O'Reilly Media",\n      "description": "Take advantage of JavaScript's power to build robust web-scale or enterprise applications that are easy to extend and maintain. By applying the design patterns outlined in this practical book, experienced JavaScript developers will learn how to write flexible and resilient code that's easier-yes, easier-to work with as your codebase grows."\n    },\n    {\n      "title": "Understanding ECMAScript 6",\n      "subtitle": "The Definitive Guide for JavaScript Developers",\n      "author": "Nicholas C. Zakas",\n      "publisher": "No Starch Press",\n      "description": "ECMAScript 6 represents the biggest update to the core of JavaScript in the history of the language. In Understanding ECMAScript 6, expert developer Nicholas C. Zakas provides a complete guide to the object types, syntax, and other exciting changes that ECMAScript 6 brings to JavaScript."\n    }\n])
\n

Creating a Text Index

\n

We need to create a text index on the fields to perform the text search. We can create this on single or multiple fields. The following statement will create a text index on a single field.

\n
>db.books.createIndex({"description":"text"})
\n

We will create a text index on the description and subtitle fields for this tutorial. We can create only one text index per collection in MongoDB. So We will create a compound text index using the following statement.

\n
>db.books.createIndex({"subtitle":"text","description":"text"})
\n

$search

\n

Now we will try to search documents that have the keywords 'ECMAScript' in the description and subtitle fields. For this, we can use the below statement.

\n
db.books.find({$text: {$search: "ECMAScript"}})
\n

Example

\n
>db.books.find({$text: {$search: "ECMAScript"}},{ subtitle: 1, description: 1 })\n\t{\n    "_id" : ObjectId("602b09cb3cb6144ada1c62fe"),\n    "subtitle" : "The Definitive Guide for JavaScript Developers",\n    "description" : "ECMAScript 6 represents the biggest update to the core of JavaScript in the history of the language. In Understanding ECMAScript 6, expert developer Nicholas C. Zakas provides a complete guide to the object types, syntax, and other exciting changes that ECMAScript 6 brings to JavaScript."\n\t}\n>
\n

Phrases

\n

You can search for phrases using the text index. By default, text search performs an OR search for all words in the phrase. If you want to search 'modern design patterns', it will search for documents with the keywords either modern, design, or patterns.

\n

Example

\n
>db.books.find({$text: {$search: "modern design patterns"}},{ subtitle: 1, description: 1 })\n\t{\n    "_id" : ObjectId("602b098f3cb6144ada1c2ea1"),\n    "subtitle" : "A JavaScript and jQuery Developer's Guide",\n    "description" : "With Learning JavaScript Design Patterns, you'll learn how to write beautiful, structured, and maintainable JavaScript by applying classical and modern design patterns to the language. If you want to keep your code efficient, more manageable, and up-to-date with the latest best practices, this book is for you."\n\t},\n\t{\n    "_id" : ObjectId("602b09b93cb6144ada1c4bca"),\n    "subtitle" : "Robust Web Architecture with Node, HTML5, and Modern JS Libraries",\n    "description" : "Take advantage of JavaScript's power to build robust web-scale or enterprise applications that are easy to extend and maintain. By applying the design patterns outlined in this practical book, experienced JavaScript developers will learn how to write flexible and resilient code that's easier-yes, easier-to work with as your code base grows.",\n\t},\n\t{\n    "_id" : ObjectId("602b095c3cb6144ada1c1028"),\n    "subtitle" : "A Modern Introduction to Programming",\n    "description" : "JavaScript lies at the heart of almost every modern web application, from social apps to the newest browser-based games. Though simple for beginners to pick up and play with, JavaScript is a flexible, complex language that you can use to build full-scale applications."\n\t}\n>
\n

If you want to search for exact phrases like documents with 'modern design patterns' together, you can do so by specifying double quotes in the search text.

\n

Example

\n
>db.books.find({$text: {$search: "\\"modern design patterns\\""}},{ subtitle: 1, description: 1 })\n\t{\n    "_id" : ObjectId("602b098f3cb6144ada1c2ea1"),\n    "subtitle" : "A JavaScript and jQuery Developer's Guide",\n    "description" : "With Learning JavaScript Design Patterns, you'll learn how to write beautiful, structured, and maintainable JavaScript by applying classical and modern design patterns to the language. If you want to keep your code efficient, more manageable, and up-to-date with the latest best practices, this book is for you."\n}
\n

Negations

\n

If you want to exclude the documents containing a particular word, you can use a negation search. For example if you're going to search all documents with the 'JavaScript' but not 'HTML5' or 'ECMAScript', you can search as the below example.

\n

Example

\n
>db.books.find({$text: {$search: "JavaScript -HTML5 -ECMAScript"}},{ subtitle: 1, description: 1 })\n\t{\n    "_id" : ObjectId("602b098f3cb6144ada1c2ea1"),\n    "subtitle" : "A JavaScript and jQuery Developer's Guide",\n    "description" : "With Learning JavaScript Design Patterns, you'll learn how to write beautiful, structured, and maintainable JavaScript by applying classical and modern design patterns to the language. If you want to keep your code efficient, more manageable, and up-to-date with the latest best practices, this book is for you."\n\t},\n\t{\n    "_id" : ObjectId("602b09a83cb6144ada1c4973"),\n    "subtitle" : "An In-Depth Guide for Programmers",\n    "description" : "Like it or not, JavaScript is everywhere these days, from browser to server to mobile and now you, too, need to learn the language or dive deeper than you have. This concise book guides you into and through JavaScript, written by a veteran programmer who once found himself in the same position."\n\t},\n\t{\n    "_id" : ObjectId("602b095c3cb6144ada1c1028"),\n    "subtitle" : "A Modern Introduction to Programming",\n    "description" : "JavaScript lies at the heart of almost every modern web application, from social apps to the newest browser-based games. Though simple for beginners to pick up and play with, JavaScript is a flexible, complex language that you can use to build full-scale applications."\n\t}
\n

Text Search Score

\n

The text search provides a score to each document representing the relevancy of the document with the search query. This score can be used to sort all the records returned in the search result. A higher score will indicate a most relevant match.

\n

Example

\n
>db.books.find({$text: {$search: "JavaScript "}},{score: {$meta: "textScore"}, subtitle: 1, description: 1 }).sort({score:{$meta:"textScore"}})\n\t{\n    "_id" : ObjectId("602b098f3cb6144ada1c2ea1"),\n    "subtitle" : "A JavaScript and jQuery Developer's Guide",\n    "description" : "With Learning JavaScript Design Patterns, you'll learn how to write beautiful, structured, and maintainable JavaScript by applying classical and modern design patterns to the language. If you want to keep your code efficient, more manageable, and up-to-date with the latest best practices, this book is for you.",\n    "score" : 1.43269230769231\n\t},\n\t{\n    "_id" : ObjectId("602b09cb3cb6144ada1c62fe"),\n    "subtitle" : "The Definitive Guide for JavaScript Developers",\n    "description" : "ECMAScript 6 represents the biggest update to the core of JavaScript in the history of the language. In Understanding ECMAScript 6, expert developer Nicholas C. Zakas provides a complete guide to the object types, syntax, and other exciting changes that ECMAScript 6 brings to JavaScript.",\n    "score" : 1.42672413793103\n\t},\n\t{\n    "_id" : ObjectId("602b09a83cb6144ada1c4973"),\n    "subtitle" : "An In-Depth Guide for Programmers",\n    "description" : "Like it or not, JavaScript is everywhere these days, from browser to server to mobile and now you, too, need to learn the language or dive deeper than you have. This concise book guides you into and through JavaScript, written by a veteran programmer who once found himself in the same position.",\n    "score" : 0.818181818181818\n\t},\n\t{\n    "_id" : ObjectId("602b095c3cb6144ada1c1028"),\n    "subtitle" : "A Modern Introduction to Programming",\n    "description" : "JavaScript lies at the heart of almost every modern web application, from social apps to the newest browser-based games. Though simple for beginners to pick up and play with, JavaScript is a flexible, complex language that you can use to build full-scale applications.",\n    "score" : 0.801724137931034\n\t},\n\t{\n    "_id" : ObjectId("602b09b93cb6144ada1c4bca"),\n    "subtitle" : "Robust Web Architecture with Node, HTML5, and Modern JS Libraries",\n    "description" : "Take advantage of JavaScript's power to build robust web-scale or enterprise applications that are easy to extend and maintain. By applying the design patterns outlined in this practical book, experienced JavaScript developers will learn how to write flexible and resilient code that's easier-yes, easier-to work with as your codebase grows.",\n    "score" : 0.792857142857143\n\t}
\n

Stop Words

\n

The $text operator filters out the language-specific stop words, such as a, an, the and in English. The below search will not return any document in the result.

\n

Example

\n
>db.books.find({$text: {$search: "is"}},{subtitle: 1, description: 1 })\n\tFetched 0 record(s)
\n

Stemmed Words

\n

The $text operator matches on the complete stemmed word. So if some document field contains the word learning or learn, a search on the term learning or learn would result in the same.

\n

Example

\n
>db.books.find({$text: {$search: " learn"}},{subtitle: 1, description: 1 }) or >db.books.find({$text: {$search: " learning"}},{subtitle: 1, description: 1 })\n\t{\n    "_id" : ObjectId("602b098f3cb6144ada1c2ea1"),\n    "subtitle" : "A JavaScript and jQuery Developer's Guide",\n    "description" : "With Learning JavaScript Design Patterns, you'll learn how to write beautiful, structured, and maintainable JavaScript by applying classical and modern design patterns to the language. If you want to keep your code efficient, more manageable, and up-to-date with the latest best practices, this book is for you."\n\t},\n\t{\n    "_id" : ObjectId("602b09a83cb6144ada1c4973"),\n    "subtitle" : "An In-Depth Guide for Programmers",\n    "description" : "Like it or not, JavaScript is everywhere these days, from browser to server to mobile and now you, too, need to learn the language or dive deeper than you have. This concise book guides you into and through JavaScript, written by a veteran programmer who once found himself in the same position."\n\t},\n\t{\n    "_id" : ObjectId("602b09b93cb6144ada1c4bca"),\n    "subtitle" : "Robust Web Architecture with Node, HTML5, and Modern JS Libraries",\n    "description" : "Take advantage of JavaScript's power to build robust web-scale or enterprise applications that are easy to extend and maintain. By applying the design patterns outlined in this practical book, experienced JavaScript developers will learn how to write flexible and resilient code that's easier-yes, easier-to work with as your codebase grows."\n\t}
\n

Conclusion

\n

I hope you learned something new today. Here is an interesting article on Self-Hosted MongoDB. I also invite you to try stuff on your own and share your experience in the comment section. Furthermore, if you face any problems with any of the above definitions, please feel free to ask me in the comments section below.

\n","frontmatter":{"date":"February 16, 2021","updated_date":null,"description":"MongoDB full text search tutorial. In this blog, we will learn how to perform a full-text search in MongoDB using text index.","title":"How to do Full-Text Search in MongoDB","tags":["MongoDB"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/f4c86ce656fbbcd1cebd60b0c6606d53/58556/coverImage.webp","srcSet":"/static/f4c86ce656fbbcd1cebd60b0c6606d53/61e93/coverImage.webp 200w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/1f5c5/coverImage.webp 400w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/58556/coverImage.webp 800w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/99238/coverImage.webp 1200w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/7c22d/coverImage.webp 1600w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/25f09/coverImage.webp 1920w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Anil Gupta","github":"anilswm","avatar":null}}}},{"node":{"excerpt":"No matter what your application is for, it is a must to have ease of use, frictionless authentication, and guaranteed security (against…","fields":{"slug":"/identity/biometric-authentication-mobile-apps/"},"html":"

No matter what your application is for, it is a must to have ease of use, frictionless authentication, and guaranteed security (against fraud protection and password-related attacks). These variables help you to build both a spectacular first impression and long-lasting confidence.

\n

When using mobile apps, consumers prefer to open it and quickly start using it. It can be a frustrating experience for them if you keep asking for the account password every time they open the app. But then, it is also a business necessity to ensure safe access to the app.

\n

So, how do you offer a great experience and security at the same time?

\n

The LoginRadius Mobile Biometric Authentication can help. The feature is dedicated to mobile apps and allows consumers to use their mobile devices' FaceID and TouchID for authentication.

\n

Intend Behind the Launch

\n

With Mobile Biometric Authentication, consumers can use their existing FaceID or TouchID for authentication without any additional effort.

\n

Also, consumers' biometric data remains stored on their phone rather than the server, making it even more secure.

\n

Let's underline some of the major benefits of Mobile Biometric Authentication.

\n\n

\"biometric-authentication-mobile-apps-datasheet\"

\n

Key Features Offered by LoginRadius

\n

LoginRadius offers local authentication with Touch ID and Face ID for Android and iOS devices—provided the consumers' mobile devices also support these features.

\n\n

You can configure both authentication options for your app and later, ask the consumer to choose according to their preference or the option available with their device.

\n

Conclusion

\n

The Mobile Biometric Authentication by LoginRadius is a local authentication concept and consumers' biometric data don't even leave their mobile devices. Hence, as a business, you don't need to worry about storing, processing, and securing your consumer's biometric data.

\n

\"LoginRadius

\n","frontmatter":{"date":"February 16, 2021","updated_date":null,"description":"The LoginRadius Mobile Biometric Authentication feature is dedicated to mobile applications and enables users to use the FaceID and TouchID of their mobile devices for authentication purposes.","title":"Announcement - LoginRadius Introduces Convenient and Secure Biometric Authentication for Mobile Apps","tags":["biometric authentication","cx","ciam solution"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.408450704225352,"src":"/static/04ded459c8909fa08c0befc317400736/c0524/biometric-authentication-mobile-apps.webp","srcSet":"/static/04ded459c8909fa08c0befc317400736/61e93/biometric-authentication-mobile-apps.webp 200w,\n/static/04ded459c8909fa08c0befc317400736/1f5c5/biometric-authentication-mobile-apps.webp 400w,\n/static/04ded459c8909fa08c0befc317400736/c0524/biometric-authentication-mobile-apps.webp 769w","sizes":"(max-width: 769px) 100vw, 769px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"

Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.

\n

We’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.

\n

The goal? Having them spend less time searching and more time building.

\n

What’s New and Improved on the LoginRadius Website?

\n

LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.

\n

Here’s a closer look at what’s new and why it’s important:

\n

A Developer-Friendly Dark Theme

\n

\"This

\n

Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.

\n

The new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.

\n

So, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.

\n

Clear Categorization for LoginRadius Capabilities

\n

\"This

\n

We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:

\n\n

This structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.

\n

Developer-First Navigation

\n

\"This

\n

We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.

\n

The new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.

\n

Quick Understanding of Integration Benefits

\n

\"This

\n

Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.

\n

Our platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.

\n

Over to You Now!

\n

Check out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.

\n

Do not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!

\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},"pageContext":{"limit":6,"skip":600,"currentPage":101,"type":"///","numPages":164,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}