Checklists: System is Hacked (Part 2) Preventive Steps for Infra (OS Hardening)

Introduction

In the last article, we described a list of checks which can determine if a system is compromised or hacked. In this article, we will talk about preventive steps (especially infra-related) that can be taken to avoid hacking or to make the system more secure. There are many directions in which we can secure our application, as follows:

  • OS Hardening (Infra Level Security).
  • Secure Coding Guidelines.
  • Encryption Of Sensitive Data.
  • Ensure No Vulnerability Exists in System.

In this blog, we will focus on OS hardening (Infra Level Security) in Linux systems (CentOS/Red Hat). We will cover the other parts in future blogs.

Checklists: System is Hacked (Part 1) Confirming a Compromise

Introduction

In my previous blog, I explained how I came to know if my system is hacked or compromised (link here). Here in this blog, I will explain what basic things we can check on our system when we have doubts about whether our system is compromised.

This blog has 3 parts. In this part, we look at a list of checks which can determine if a system is compromised or hacked.

Security and GitOps

As we all know and firmly believe, applications and infrastructures need to be secured, but the shipping processes of this whole ecosystem also need to be.

In a previous article, we introduced GitOps as a methodology to improve the velocity of the development and the management of an entire infrastructure. But there are many other benefits from GitOps, and one of them is the potential improvement of security.

Considering Microservices? Here’s Why You Shouldn’t Dismiss Monoliths Just Yet

In a Cloud Microservices Market report, it was found that the cloud microservices market was valued at USD 831.45 billion in 2020, and it is expected to reach USD 2,701.36 billion by 2026. This is a clear indication of how microservices are currently driving the market, encouraging organizations to break their applications into smaller components and leave their "traditional" monolithic architecture behind.

However, before we dismiss monoliths entirely, cloud architect and author Rahul Rai argues that microservices aren’t a cure-all for the challenges and pain points associated with monoliths.

3 Simple Ideas to Make Your Life Easier With Kafka

Apache Kafka was open-sourced by LinkedIn in early 2011. Despite all the initial limitations, it was a huge success and it became the de facto standard for streaming data. The performance, the ability to replay events, and support for multiple independent consumers were some of the features which disrupted the streaming arena.

But Kafka has also been known for its difficult learning curve and difficulties with operation. In my experience, both things have improved a lot in the last few years but the original gotchas remain:

How to Write Test Script in Selenium?

Selenium is one of the essential automation testing tools for web applications or websites. So, it is quite efficient for you to learn the right process to code and write the Selenium test scripts with the help of the right Selenium testing tutorial. The people who want to automate the website or web application testing process always think of Selenium, and conducting this test is also an easy process.

Today I am going to share the important steps that you need to follow to understand how to write a Selenium test script for automation testing of the website or web application. Follow this blog till the end to master the art of doing it.

Developer Tooling for Kubernetes in 2021: IntelliJ, VSCode, Gitpod, and Lens (Part 3)

Over the last few days, I have been hard at work writing an up-to-date comparison of Kubernetes tooling (check out the first and second posts if you haven’t already, which cover tools that help you reproduce issues locally). Going through the sprawling Kubernetes ecosystem and curating the knowledge that would be the most interesting to fellow developers and engineering managers has been no small task. That’s why section 3 will cover the heart of cloud-native development: the IDE.

Some of the questions I have been struggling with have been:

Vue.js and Symfony — User Authentication

In this article I will skip the Symfony authentication process as this can be found in the official documentation (it’s more about presenting the solutions in case of using Vue.js):

JWT Token-based Authentication — Does It Have to Be This Way?

Vue.js allows us either to create a SPA (Single-Page Application) or to use it in hybrid form, where we can inject components into already existing code or use Vue.js as an extension of the current frontend code (in which case I learned the hard way that it can become very messy; you can find more here). In both cases, authentication can be implemented in different ways.