Devops

Underprotected APIs pattern: bulkheading to limit the size of hacks pattern: communicate with most secure possbile public-facing API: TLS pattern: configure to reject protocol downgrades pattern: keep root Certificate Authority (CA) files up to date business-to-business: bi-directional certificates pattern: verify with generative testing library that your parser (JSON / XML / …) is hardened against malicious input pattern: fuzz-testing APIs & check failure responses rejects safely (src: Model_ OWASP top 10 [[book-release-it-michael-nygard....

Components with Known Vulnerabilities Most developers don't even know what all is in their dependency tree. Sadly, most successful attacks are not the exciting "zero day, rush to patch before they get it" kind of thing. Most attacks are mundane. pattern: use your build tool to extract a report of ALL the artifacts that went into your build (including build tool’s plugins) pattern: check CVE manually weekly or automatically (src:...

XML external entity (XXE) injection <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "<file:///etc/passwd>"> ]> <foo>&xxe;</foo> Most xml parsers are vulnerable to XXE injection by default. You need to configure them to be safe (src: Book_ release it! - Michael Nygard)

install brew install awscli brew install aws-cdk brew tap aws/tap brew install aws-sam-cli Using colima? Error: Running AWS SAM projects locally requires Docker. Have you got it installed and running? Enable AWS SAM local to run without Docker Desktop but Colima + Docker Daemon on MacOs # aws sam requires DOCKER_HOST to be set export DOCKER_HOST="unix://$HOME/.colima/docker.sock" Test lambda cdk synth --no-staging sam local invoke helloLambdaNodeJs --no-event -t ./cdk.out/*.template.json Start lambda...

prerequisites aws cli 1password v8 with cli enabled optional direnv for folder specific config (export env var) export AWS_ACCESS_KEY_ID=op://your-vault-name/AWS_CLI/username export AWS_SECRET_ACCESS_KEY=op://your-vault-name/AWS_CLI/credential alias aws="op run -- /usr/local/bin/aws" alias cdk="op run -- /usr/local/bin/cdk" alias sam="op run -- /usr/local/bin/sam" alias ts-node="op run -- node -r ts-node/register" Done you can now run aws commands aws s3 ls

(AWS & Typescript Masterclass - CDK, Serverless, React) Section 1: Introduction Section 2: AWS CDK & CloudFormation CDK commands Backend Section 3: Serverless project with CDK and Typescript Section 4: Serverless: AWS Lambda - bundling, testing and debugging Section 5: Testing and debugging Lambdas cdk run local lambda with sam-cli Debug typescript file with breakpoints (credentials via 1password) Section 6: AWS DynamoDb with CDK and Lambda Type Guards Section 7: [[aws-typescript-masterclass-7....

Global server load balancing (GSLB) with DNS regional Load Balancers (src: Book_ release it! - Michael Nygard)

(Book_ Release It! - Michael Nygard) Part 1 - Create Stability Ch2 case study Ch3 Stabilize your system Ch04 Stability Anti-patterns Ch05 Stability Patterns Part 2 - Design for production Ch06 case study Ch07 Foundations Ch08 Processes on Machines Ch09 Interconnect Ch10 Control plane Ch11 Security Part 3 - Deliver your system Ch12 Ch13 Ch14 Part 4 - Solve Systemic Problems Ch15 Ch16 Ch17 Model: cap theorem Model_ OSI model...

(src: Book_ release it! - Michael Nygard)

ERROR & SEVERE should require action of the by the operators eg. ERROR circuit breaker tripped to open (probably needs fixing ont he other side of the connection) eg. ERROR failure to connect to database (src: Book_ release it! - Michael Nygard)