LIST

OWASP Using Components with Known Vulnerabilities

Components with Known Vulnerabilities Most developers don't even know everything that is in their dependency tree. Sadly, most successful attacks are not the exciting "zero day, rush to patch before they get it" kind of thing. Most attacks are mundane. pattern: use your build tool to extract a report of ALL the artifacts that went into your build (including the build tool's plugins) pattern: check CVEs manually weekly or automatically (src:...

September 10, 2022

OWASP XML External Entities (XXE)

XML external entity (XXE) injection <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <foo>&xxe;</foo> Most XML parsers are vulnerable to XXE injection by default. You need to configure them to be safe (src: Book_ release it! - Michael Nygard)

September 10, 2022

cdk run local lambda with sam-cli

install brew install awscli brew install aws-cdk brew tap aws/tap brew install aws-sam-cli Using colima? Error: Running AWS SAM projects locally requires Docker. Have you got it installed and running? Enable AWS SAM local to run without Docker Desktop but with Colima + Docker daemon on macOS # aws sam requires DOCKER_HOST to be set export DOCKER_HOST="unix://$HOME/.colima/docker.sock" Test lambda cdk synth --no-staging sam local invoke helloLambdaNodeJs --no-event -t ./cdk.out/*.template.json Start lambda...

September 9, 2022

aws credentials - don't store plaintext

prerequisites aws cli 1Password v8 with CLI enabled optional direnv for folder-specific config (export env var) export AWS_ACCESS_KEY_ID=op://your-vault-name/AWS_CLI/username export AWS_SECRET_ACCESS_KEY=op://your-vault-name/AWS_CLI/credential alias aws="op run -- /usr/local/bin/aws" alias cdk="op run -- /usr/local/bin/cdk" alias sam="op run -- /usr/local/bin/sam" alias ts-node="op run -- node -r ts-node/register" Done you can now run aws commands aws s3 ls

September 7, 2022

Course: AWS & Typescript Masterclass - CDK, Serverless, React

(AWS & Typescript Masterclass - CDK, Serverless, React) Section 1: Introduction Section 2: AWS CDK & CloudFormation CDK commands Backend Section 3: Serverless project with CDK and Typescript Section 4: Serverless: AWS Lambda - bundling, testing and debugging Section 5: Testing and debugging Lambdas cdk run local lambda with sam-cli Debug typescript file with breakpoints (credentials via 1password) Section 6: AWS DynamoDb with CDK and Lambda Type Guards Section 7: [[aws-typescript-masterclass-7....

September 7, 2022

Architecture pattern: global dns + regional load balancers

Global server load balancing (GSLB) with DNS and regional load balancers (src: Book_ release it! - Michael Nygard)

August 16, 2022

Book: release it! - Michael Nygard

(Book_ Release It! - Michael Nygard) Part 1 - Create Stability Ch2 case study Ch3 Stabilize your system Ch04 Stability Anti-patterns Ch05 Stability Patterns Part 2 - Design for production Ch06 case study Ch07 Foundations Ch08 Processes on Machines Ch09 Interconnect Ch10 Control plane Ch11 Security Part 3 - Deliver your system Ch12 Ch13 Ch14 Part 4 - Solve Systemic Problems Ch15 Ch16 Ch17 Model: cap theorem Model_ OSI model...

August 16, 2022

Heuristic: log level INFO for interesting state transitions

(src: Book_ release it! - Michael Nygard)

August 16, 2022

Heuristic: log levels ERROR & SEVERE should require action by the operators

ERROR & SEVERE should require action by the operators e.g. ERROR circuit breaker tripped to open (probably needs fixing on the other side of the connection) e.g. ERROR failure to connect to database (src: Book_ release it! - Michael Nygard)

August 16, 2022

Heuristic: nominal values for continuous metrics

Heuristic: Alerts for continuous metrics (src: Book_ release it! - Michael Nygard)

August 16, 2022