Monthly Archives

This article will explore the top developer communities site to follow!

Software development is an ever-changing field that has many branches and skill sets.  Having a support network to help you with what tools are available and to discuss various elements of the field is vital, and having a mentor to help through this can give you a massive increase in the chances for success as a developer.  However, not everyone can find an individual mentor and many more may find themselves unable to find one in their current workplace.  

As developers increasingly look to become freelancers and those working for a company directly are more and more likely to be working from home, having this in person support is not always available. This is where online developer communities become vital, places where developers can connect to share their thoughts and experiences and help mentor and support each other.  

So here are 10 developer communities you absolutely should be following.

The Ten Best Developer Communities

Here is a guide to developer communities.

1.     GitHub

It’s an obvious one, and for a good reason.  GitHub may not be the best in terms of creating back and forth communication, but it is a fantastic place to share code and find open-source code that may help you on whatever project you are currently working on.

If you want to share your code to get feedback and discuss the fine details of your approach this is definitely the platform for you in collaboration with some of the other communities discussed here.  You can also follow projects that interest you and it’s worth taking some time to browse the repositories and find inspiration for your next project.

2.     Stack Overflow

Another staple for developers, stack overflow is an absolute must for a developer and is vital to those starting out in the field who may not have yet fully grasped the nuances of working in a company environment.  This forum site allows you to ask questions and share issues you are having with your code and get a well collated answer from a community pool of around 5 million developers globally.

Developers who answer questions tend to be thoughtful in their responses and Stack Overflow has been known to ban or suspend users who demonstrate unhelpful behaviour, so you can be sure you’ll get an answer without the usual sass you find on the internet.

Although, as technical writer Erin Schied of Eliteassignmenthelp and UK Services Reviews cautions “before asking a question, it is well worth searching the site to find out if someone has asked the same question before.  This prevents users getting frustrated at repeat questions on the same topics and may actually save valuable time as the answer may already be there, waiting.”

This site isn’t just great for current developers but budding developers as well, with even basic questions having well thought out answers and people often sharing helpful tips in their answers.

3.     Hashnode

Another global community, hashnode provides a mix of blog and community posts that provides a variety of answers to questions you may have.  Users are encouraged to discuss their opinions and share ideas to help the development industry grow.

It’s blogging platform allows you to publish your own thoughts as well as to see the viewpoints of others.  You can follow individual authors but, potentially more helpfully, you can also follow tags such as Java, Python or CSS to give you a wider range of potential articles on topics that are relevant to you.

4.     Hackernoon

A site for reading, writing and publishing technical articles, hackernoon is an independent site that has lots of stories on software engineering, security and coding languages that are shared from a community of around 15,000 tech writers from around the globe.

It’s used by large companies as well like Apple, Google, Tesla and Adobe to share their news and expertise.  “There is sure to be something here to interest you and it’s worth taking some time to browse its very abundant library of articles,” says business writer Tom Wooley, Best British Essays and Revieweal.

If you have some R&D time or are looking to learn more in your own time this site is a go-to to get ideas and learn more about how things are changing in the industry.

5.     Women Who Code

As more and more women look to get into STEM it can feel isolating and finding a community to empower you and help you in your career is vital.  Women who code is a fantastic community of 200,000 plus members who will help advance your skills, share opportunities and provide you with the resources you need to succeed.

The site provides job boards to help you look for work and encourages their users to give recognition to each other for their achievements.  With an entire section on opportunities, this site offers Scholarship opportunities as well as details for speaking opportunities and conventions to attend that helps you keep your finger on the pulse of the industry.

Not just for women, this site allows you to gain more understanding of the struggle some women face in being adequately represented in the field, even with Ada Lovelace being the first developer.  It is definitely worth a look if you are someone who supports the ever-growing community of women entering development.

6.     CodeProject

This behemoth of a community, around 14 million active users, is an amazing resource for developers aligned to a set of common goals: to never stop learning more about their field, to teach what they do know and to keep development fun.  From tutorials on specific coding languages to the ability to ask questions about things you are struggling with to sharing your code with the masses, CodeProject is absolutely somewhere you should be looking into no matter what stage of your career you are in.

You can search their backlog of articles via topic, making it easier to find exactly what you are looking for.  If you feel up to it, you can even share your own knowledge and help answer questions from newer developers starting out.

7.     Dev

If you’re just starting out, Dev is the perfect community for you.  Covering a wide array of areas in programming and development, Dev has the usual forum post areas as well as help sections, tutorials, news and career advice that truly make it a good all-rounder. 

Dev looks to keep software developers up to date on the latest industry developments and provides fantastic how-tos and tutorials for those starting in development or simply those looking to learn a new coding language.  There is definitely a home here for more experienced developers, but overall this is more a place for beginners looking to start out their developer careers.

8.     Slack and the Bootstrap Slack Group

Slack is a fantastic team communication tool that allows you to stay up to date on project developments and even to build team morale.  Similar to other communities and forums, each group can have various topics of focus meaning you can have multiple project forums and channels focussed on a variety of issues.  With inbuilt messaging and voice and video calls, Slack also makes it easy to quickly communicate with team members no matter where they are.

A lot of companies nowadays use Slack for their development team to allow them to communicate project details and discuss issues with each other.  That makes the Bootstrapgroup an easy addition to your life and provides you with a community of people sharing advice, opinions and ideas well worth perusing.

The group is invitation only, and while this may make it more difficult to get in it does provide you with the knowledge that the people in this group are going to be much higher calibre than elsewhere and that the group is considerate of who their users are.

Probably more for the experienced dev, this community has its ups and downs in terms of usage but overall will introduce you to like-minded individuals and help you build a network that may be incredibly useful to your career progression.

9.     Reddit

Reddit is a classic, but not necessarily the first place you might think of in order to discuss the development industry and technology.  More famous for its creepy pasta forums, meme channels etc. Reddit is an internet phenomenon that also boasts a large selection of developer focussed Subreddits like r/AskProgramming, r/Coding, r/WebDev and many more.

From light hearted conversation with other developers to more detailed and serious discussions around coding languages and tech news, Reddit is a fantastic source for developers at any skill level looking to find a community of their own.  You’re sure to find something here that fits your tastes.

Subreddits tend to have their own mods to make sure topics don’t get off track and manage the likelihood of dealing with troll posts but you are likely to find some very strong opinions on Reddit that may be a bit abrasive at first reading.  Overall the community does tend to be friendly and helpful, but be careful if you are a chronic procrastinator not to get sucked into other subreddits while working.  It’s not hard to start off exploring a coding subreddit to ending up binging r/talesfromtechsupport to suddenly finding yourself scrolling through cat pictures without really noticing.  Rabbit holes are a thing on Reddit and for the easily distracted it may be worth targeting your searches or using Reddit in your own time.

10.   Medium

Medium is a blogging website that provides you the ability to read, write and publish articles on any topic imaginable.  If you want to boost your knowledge of development or any other technology related subject this is an amazing place to get started.

Its tagging system allows you to quickly find topics that matter to you and allows you to follow those that provide the most use to you.  Articles allow you to comment and up vote, meaning the community is a vital component and can help you sort the wheat from the chaff.

Each article has a reading time estimated, which means you can find a way to easily slot them in to your day.   If you find an author you like you can subscribe to them and even connect with them directly.  The sharing options for articles also means that you can easily share the knowledge you find useful to any number of other communities and it’s simple, clean layout makes it easy to browse and read at your leisure.

For those looking to share their knowledge, the ability to publish articles is easy and painless.  It’s the perfect place to set up your own tech-blog if you are looking to do so.

Conclusion

No matter what point you are at in your career there is always something more you can learn and having a community to talk to about the industry is vital.  Whether it’s to get answers to issues you’re having, trying to find inspiration for the next big thing, or simply to find like-minded individuals to talk to, a developer community is vital to the success of you and the industry at large.  

This list is in no way finite and there are many other communities out there that might suit your needs more specifically.  These are just a few options for online developer communities, and I hope you’ll go and explore to find one that is right for you.

A word of caution however, no matter what community you decide to join remember to be respectful and patient.  We all start somewhere and even if an answer seems obvious to you or an opinion greatly differs from yours it is worth remembering that feeling of just starting out and encouraging others for trying to grow instead of tearing them down. 

FAQ

What are ten of the best Developer Communities?

–       GitHub
–       Stack Overflow
–       Hashnode
–       Hackernoon
–       Women Who Code
–       CodeProject
–       Dev
–       Bootstrap Slack Group
–       Reddit
–       Medium

What Is Parse?

Parse is the most commonly used open source framework for developing application backends. It was introduced in 2016 and is backed by a large community of developers. It is a proven platform that can accelerate web application developments at any scale.

Parse is a Node.js application that is deployed on hosts in a cloud platform like AWS. It provides APIs for user authentication and stores data in a document storage. By combining a mobile SDK with a backend service, Parse provides features including several user authentication methods, social login, creation and querying of arbitrary data models, push notifications, and the ability to upload files to a server for client-to-client access.

Parse Security Challenges

Open source security is a major concern for most organizations. While open source platforms like Parse can be highly beneficial, they often present vulnerabilities that must be identified and resolved. Here are some of the main security concerns with the Parse platform.

Default Settings 

Parse tries to accommodate less technical developers, making it easier to produce the entire backend for mobile applications without programming. Developers can handle all or most of the server setup, including creating and inserting classes, via the Parse dashboard. However, some important security features are not enabled by default, so users must configure the right settings to secure their application stack.

All stored data in Parse resides in class objects, with the users class storing all user data by default. These class objects should not be automatically searchable, especially if they contain sensitive data. Parse lets developers restrict access to object classes using object-level access control and class-level permissions. 

These security features offer more granular control over stored data in Parse instances and prevent unknown users from accessing any instance in a protected class. However, the user has to turn them on—otherwise, all class objects in Parse remain searchable, and anonymous, potentially malicious users could access sensitive data in objects like the users class.

File Upload Restrictions

Automated file upload is a requirement for many web applications. Another major vulnerability in the design of the Parse server is the file upload functionality. The file adapter submodule allows the Parse server to upload all files by default. Users can block uploads of specific file types using hooks in Parse Cloud. It is still impossible to prevent a potential attacker from uploading file types via the Parse dashboard, a popular GUI for developers to work with the Parse server.

Once a file is uploaded, it is accessible without authentication headers, so an attacker could easily share it. The only way to mitigate this risk is to obfuscate the name of uploaded files. This method can make finding the files uploaded to a bucket harder, but it doesn’t stop attackers from uploading malicious HTML files to the server or sharing malicious URLs with the victim. 

Applications typically serve the uploaded Parse files from the primary domain, creating serious vulnerabilities for all users. If an application serves uploaded files from the same domain as a web portal with cookies, it may place all users at risk.

Securing Parse

Here are best practices you can use to secure your Parse deployment, both at the class and object levels.

Client vs. Master Secrets

When an application connects to Parse for the first time, the application identifies itself with an ID and a client secret (this can also be a REST secret, .NET secret, or JavaScript secret, depending on the platform being used). 

By default, the client secret is not protected and it cannot protect the app. Anyone can find the client key by decompiling the application from the device or proxy network traffic. You can see this most easily in a JavaScript app—find the client key by simply viewing the source of application pages in your browser.

Because client keys are distributed to users, they should be considered accessible by the general public, including threat actors.

A master key, on the other hand, must be strongly protected. Master keys can be used to bypass all security mechanisms in your application, such as class-level permissions and ACLs. Obtaining the master key is equivalent to gaining root access to the application server. Protecting your master key is a central goal of a Parse security strategy—just like protecting the root password on a production machine.

The general idea is to limit the capabilities of the client (using the client secret) and perform any sensitive operations in Cloud Code, requiring the master secret. Learn more about Cloud Code in the Parse documentation.

Class-Level Permissions

Another area to secure is the schema and data level. You should limit when and how client applications can create or access data in Parse. When you first start developing Parse applications, insecure defaults are set to maximize initial productivity—as you transition to production, you must configure Parse to protect sensitive data.

Configure permissions to assign to specific users and roles in your application on a least privilege basis, rather than granting universal access. A role can group users or other roles together to provide the same access permissions. Roles are assigned to objects to limit their use. Permissions granted to a user role or other role are also extended to its children, creating an access hierarchy for your app.

Object-Level Access Control

Consider how users can access data. Object-level access control allows you to separate one user’s data from another user’s data. Different users may need to access different objects within a class—for example, a user’s personal data must only be accessible to that user.

Parse also supports the concept of anonymous users in applications that store and secure user-specific data without explicit login.

When a user logs into your application, a Parse session is started. During the entire session, users can only add or modify their personal data, but not other data.

The simplest way to control who has access to what data is via access control lists called ACLs. ACLs work by providing each object with a list of roles and users and a list of permissions for each role or user. Users must have read access or be assigned to a role that has read access to retrieve data in an object. Users also need write access (or be assigned to a role with write access) to modify or delete data. Set user permissions carefully to ensure each category of users has exactly the permissions they need and no more.

Securing File Upload

As mentioned, Parse suffers from an infinite file upload vulnerability, which you will need to mitigate. This can be done at the bucket level, as recommended in the Parse documentation. 

For example, to restrict file upload types in AWS, add the following statements to your bucket policy:

• The s3:PutObject operation should only be allowed on objects that require a file type extension.
• The s3:PutObject operation should be explicitly denied on objects that do not have the required file type extension.

Conclusion

In this article, I reviewed the main security concerns in the Parse platform and provided several best practices to help you overcome them:

• Client vs. master secrets—ensure that external entities with a client secret cannot perform sensitive operations and restrict master secret operations using Cloud Code.
• Class-level permissions—configure permissions to secure the schema and datastore.
• Object-level access control—define ACLs and roles to ensure that each user can access the data and operations they need, and no more.
• Securing file upload—prevent unlimited file upload by adding limitations to your cloud storage buckets.

I hope this will be useful as you improve the security posture of your Parse applications.