Running applications in production can be tricky. This post proposes an opinionated checklist for going to production with a web service (i.e. an application exposing an HTTP API) on Kubernetes. General Application’s name, description, purpose, and owning team are clearly documented (e.g. in a central application registry or wiki) Application’s criticality level was defined (e.g. “tier 1” […]
Review your Infrastructure Architecture Today!
The following review checklists provide a wide range of typical questions that may be used in conducting Architecture Compliance reviews, relating to various aspects of the architecture. The organization of the questions includes the basic disciplines of system engineering, information management, security, and systems management. The checklists are based on material provided by a member […]
Review your Application Architecture Today!
Abstract Application architecture review can be defined as reviewing the current security controls in the application architecture. This helps a user to identify potential security flaws at an early stage and mitigate them before starting the development stage. Poor design of architecture may expose the application to many security loopholes. It is preferable to perform […]
OWASP API Security Top 10 – 2019 (1st Version)
OWASP API Security Top 10 – 2019 The FIRST Edition from OWASP for API Security What is API Security? A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and […]
HTTP/2 DoS CVEs Affect Kubernetes too!
Two high severity vulnerabilities impacting all versions of the Kubernetes open-source system for handling containerised apps can allow an unauthorised attacker to trigger a denial-of-service (DoS) state. The Kubernetes development team has already released patched versions to address these newly found security flaws and block potential attackers from exploiting them. Kubernetes was originally developed by Google […]
HTTP/2 Vulnerable to 8 DoS Attacks | CVE IDs declared
Overview: Netflix has discovered several resource exhaustion vectors affecting a variety of third-party HTTP/2 implementations. These attack vectors can be used to launch DoS attacks against servers that support HTTP/2 communication. Netflix worked with Google and CERT/CC to coordinate disclosure to the Internet community. Today, a number of vendors have announced patches to correct this suboptimal behaviour. […]
Chaos Engineering – Defining Stability!
PRINCIPLES OF CHAOS ENGINEERING Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production. Advances in large-scale, distributed software systems are changing the game for software engineering. As an industry, we are quick to adopt practices that increase flexibility […]
How to Design an Application Architecture
Before you start designing an application architecture for any cloud, you need to start from a consideration of the main common quality attributes of the cloud: Scalability is a capability to adjust a system capacity based on the current needs. For example, let’s say you’re developing an internet shop. You know that before Christmas, the […]
Securing NGINX Web Server
#1: Turn On SELinux Security-Enhanced Linux (SELinux) is a Linux kernel feature that provides a mechanism for supporting access control security policies, which provides great protection. It can stop many attacks before your system is rooted. See how to turn on SELinux for CentOS / RHEL based systems. Do Boolean Lockdown Run the getsebool -a command and lock down […]
What is Merkle Tree in Blockchain?
What’s A Merkle Tree? If you’re a newcomer to the blockchain world, you may have come across the phrase “Merkle Tree” and felt a little lost. While Merkle Trees are not a widely-understood concept, they’re also not terribly complicated. So, what’s a Merkle Tree? To put it very simply, a Merkle Tree is a method […]