Open-Source Tool MII Scans AWS for Unmonitored Machine Identities and Risk Scores Them

·1 views

A developer has released an open-source tool called Machine Identity Intelligence (MII) to address the lack of visibility into machine identities in AWS environments. The tool connects to AWS accounts in read-only mode to discover IAM roles, trust relationships, OIDC federations, and CI/CD tokens, then assigns risk scores to each. The project was motivated by a CyberArk 2025 report finding that machine identities outnumber human identities at a ratio of 82 to 1. MII supports local development via Docker Compose and AWS deployment through Terraform, covering EC2 and CloudFront. The tool is MIT licensed and publicly available on GitHub.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

How One Developer Modeled a Creator SaaS on a Single DynamoDB Table

A developer building Truss, a B2C SaaS that uses AI to extract viral clips from videos and live streams, chose a single-table DynamoDB design over a relational database for their AWS hackathon submission. Three key reasons drove the decision: most app queries are scoped to a single user partition, DynamoDB's connectionless HTTP API suits serverless Vercel functions better than connection-pooled PostgreSQL, and its on-demand pricing scales to zero with no capacity planning. Every entity — users, videos, clips, streams, analytics, and OAuth tokens — shares a partition key prefixed by creator ID, with sort key prefixes enabling type-filtered queries without joins or secondary indexes. The developer acknowledges trade-offs, including hot partition risk for high-volume creators and the inability to run ad-hoc queries not modeled upfront. Future iterations may introduce shard suffixes on partition keys to distribute load for creators with large clip libraries.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Top Security Flaws Found in Nigerian Web Apps and How Developers Can Fix Them

A technical review highlights the most common security vulnerabilities discovered in Nigerian business software, noting that most applications have never undergone penetration testing. The flaws identified include SQL injection, unverified payment webhooks, broken object-level authorization, missing rate limiting, and cross-site scripting. For each vulnerability, the review provides practical code-level fixes such as parameterized queries, cryptographic signature verification, and HTML escaping. The analysis emphasizes that these are not obscure edge cases but recurring issues found in live production systems. Developers are urged to adopt secure coding patterns from the start, as post-breach remediation is far costlier than building security in upfront.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds AI-Powered Finance Tool, Discovers Income Gap Not Overspending

A software developer manually downloaded five years of bank statements from Chime and CashApp after hitting API access barriers, then built a local tool called PlaidMCP to let Claude analyze the data conversationally. The analysis revealed no significant wasteful spending, but instead identified a recurring weekly cash shortfall of around $500 caused by bill payment clustering. Claude concluded the root issue was an income ceiling rather than excessive expenditure. The developer acknowledged this matched a conclusion they had long suspected but hoped the data would disprove. The project is ongoing, with future phases aimed at capturing the reasoning behind individual purchases to build a queryable financial journal.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Angular Reactive Forms: Structure, Validation, and Async Checks Explained

Angular's Reactive Forms approach defines form structure and validation logic entirely within the component class using FormGroup and FormControl, rather than relying on template-driven directives like ngModel. Developers must import ReactiveFormsModule and bind the form to the template using formGroup and formControlName attributes. Built-in validators such as required, email, minLength, and pattern can be passed directly into FormControl configuration, while custom validators are written as plain functions returning null for valid input or a ValidationErrors object for invalid input. Async validators, which return an Observable, allow checks like verifying whether an email is already registered, with Angular marking the control status as 'PENDING' during the operation. This pattern keeps validation logic centralized, testable, and independent of the template.

0 comments Read more at DEV Community