You receive a letter from your grandmother asking you to transfer money, but the letter does not have her signature. Will you transfer the money? I hope you won’t.

Cover Photo by SkillScouter on Unsplash

A signature is the most common way to ensure the authenticity of information. It’s been around since the Roman Empire. And it’s ironic that in this digital age, there are many companies and applications that interact without a proper digital signature.

Project Scope

Build a simple Go application that creates a signature from sample text, then verifies that the signature is valid.

Community Library

Finished Project Preview

Run the application from the command shell:

go run main.go

The database is one of the most critical components in any tech company's ecosystem. From a business continuity point of view, the company can’t do business without a running database system. It’s expected to have a dedicated team to manage the database.

Cybersecurity attacks on databases are currently growing exponentially. A single data leak incident can cost a million dollars. Even worse, attacks such as data destruction or ransom can stop business activity instantly. Cybersecurity is not the responsibility of the Database or Cybersecurity team alone but a collaboration of all stakeholders related to the database, including the Infrastructure and Developer teams.


Digital-native businesses (tech startups) build most of their tech ecosystem in-house. In the last few years, there have been several incidents involving access leakage to that ecosystem.

Digital Native Business

In some security incidents, access leakage leads to more severe events such as business data exfiltration. Looking at how digital-native businesses grow, they build new features in a matter of weeks, if not days. Market demand requires software engineers and DevOps teams to focus on speed in their delivery effort. In between those efforts, access to the network, server, or database is sometimes not adequately protected. Reference from Mitre here.


It’s easier than you think

Image source: Author

Scope

The project scope is to build an API to manage content posts. You’ll create an API with three functionalities: create a post, read a single post, and list posts. The database is MySQL installed on localhost.

The database library is https://github.com/jmoiron/sqlx.
The HTTP routing library is https://github.com/gin-gonic/gin.

Since the Go community already has wonderful libraries, there is almost no reason to write everything from scratch.

Application Design


The digital platform must protect consumer data, including image data. Cybersecurity attacks often target image files.

Protect credit card photo. Photo by Ryan Born on Unsplash

Background

A lot of sensitive data is stored as image files: photos, national IDs, certificates, and any other confidential image. Imagine if our credit card photo leaked to the internet and showed up in Google Search.

Protecting consumer and company data is mandated by regulation (and common sense).

Objective

Protect the image stored in the system from unauthorized access.

Pseudocode

Storing

  1. Prepare the image file
  2. Prepare the encryption key (secret)
  3. Encrypt the image using AES into the cipher data
  4. Save the cipher data into storage


How to keep data safe from man-in-the-middle attacks and comply with regulation.

Protecting the valuable. Photo by Markus Spiske on Unsplash

Background

Security has been a primary concern in business and government for hundreds of years. Government regulation explicitly states how to handle customer data. And it is essential to protect your business continuity from vulnerability exploits.

Objective

Send data securely to other parties via an HTTP request. Other parties means partner entities that communicate with us. The security requirements are:

  • Data cannot be read by an unauthorized party
  • The data source can be verified as the right party

Components

The service is able to send and receive data. Users will use the service to send data to any party…


The right investment will bring peace of mind and comfort in the future. And for heaven-and-hell, friendship is among the luxurious wealth.

Chilling at mountain trails. Photo by Matheus Ferrero on Unsplash

Joe said,

Why talk about a topic which a 10-year-old boy knows naturally?

I answered,

Hold your horses, you modern nomad. In this age, what do we actually know about friendship, natural order and social law?

Let’s break it down this way:

  • You always had lunch together with your co-workers. Check
  • A quarter of the people in the workspace know your name and greet you every time. Check
  • You never missed watching a Marvel movie debut with your gang. Check
  • You have hundreds of followers and dozens of ❤️ on your Instagram posts. Check
  • You can talk about how fantastic One…

Write a small portable Go Application to put a logo on top of an image

Watermarked documents. Original Photo by Annie Spratt on Unsplash

Background

Protecting content in image format by placing a brand identity on it is a common industry practice called watermarking. No one wants to use a watermarked image. The effort to remove the watermark is quite high, which makes unauthorized parties lose interest in stealing the content. This attempt is proven to improve security measures.

A watermark also serves as an auditing tool. When sending a confidential image to an external party, it’s mandatory to put a watermark there containing the recipient's name and use case. Imagine when…


Taking a 12-kilometer round trip every day on a bike is my new recipe for being happy.

City view in the morning by Paolo Chiabrando on Unsplash

This story is about cycling and how I see it. So first, I need to tell you who I am.

  • Exercise? A thousand years ago, since Sauron fell.
  • Busy? Like Satan running Hell.
  • Diet? Fast food and sugar are my favs — who can blame.
  • Sleep? Approximately the duration of an Avengers movie.
  • Anything good about you? I love my work.

That’s about me. If you more or less live that way, you can probably relate to my story.

Why Bike?

I have my 9–6 kind of job during the day and entrepreneurial activity at night. My schedule is a legit excuse to skip the gym…


Write a small portable Go application to generate a pair of RSA keys

Asymmetric (Public Key) Cryptography use case as encryption. From Twilio

Background

Secure communication is essential for a business to provide strong trust. Furthermore, most governments make it mandatory to encrypt personally identifiable information (PII) when sending information to another business party.

Asymmetric cryptography is a universal approach for encryption in information exchange applications.

In my experience, I found some new businesses have a hard time generating their pair of asymmetric keys. Then they ask my team to generate the key pair for them.

In principle, that’s a broken security practice, because the private key should only be seen and kept by the owner. If my team creates the private…

Purnaresa Yuliartanto

IT architect at the best cloud provider on the planet. Experience in cybersecurity and tech-fire-fighting.
