CodeIsGo.com

Palo Alto Networks eliminated the MQ layer for a project that correlates events in near real time, using an existing database instead of Kafka. By Cynthia Dunlop.

Global security provider Palo Alto Networks processes terabytes of network security events each day. It analyzes, correlates and responds to millions of events per second — many different types of events, using many different schemas, reported by many different sensors and data sources. One of its many challenges is understanding which of those events actually describe the same network “story” from different viewpoints.

The main points worth mentioning in the article:

• Evolving from Events to Stories
• Implementation 1: Relational database
• Implementation 2: NoSQL + message queue
• Implementation 3: NoSQL + Cloud-managed message queue
• Implementation 4: NoSQL (ScyllaDB), no message queue

According to authors the company reduced the operational complexity because tehy did not add another system — they actually removed a system [Kafka] from our deployment. Nice one!

“We paid for a bunch of tools but we don’t know what we should be looking at. There are tons of charts that don’t seem to mean anything!” Software monitoring, how does it work? By Jeremy Hicks.

If you talk to people about software monitoring you’ve inevitably heard something similar to this. With so many possible metrics it can feel like searching for a needle in a haystack. Even with curated dashboards there is inherent confusion about what is important. A great way to get started is to apply the 4 “Golden Signals” of Latency, Errors, Traffic, and Saturation (L.E.T.S.). These four concerns provide a fairly generic framework you can use to understand your software and infrastructure.

Applying L.E.T.S. you might be concerned about:

• Latency: How long does it take to get food to a customer?
• Errors: How often are we unable to make a meal or have to comp a free meal?
• Traffic: How many customers are we taking in (and when)?
• Saturation: How many meals can employees actually complete and serve at the same time?

Latency metrics will help you decide if you need to hire more cooks, servers, or upgrade equipment. Errors will help you measure improvements from better training, staffing, and equipment. Traffic helps you understand how much staff you need, when you need them most, and when you can schedule fewer. Measuring customer traffic may even help you decide when it is time to expand! Saturation can help uncover scheduling deficiencies, issues preparing certain popular dishes in parallel, and other unknown efficiency gaps.

Monitoring these concerns would allow you to make informed decisions on scaling aspects of your business and the impact of any changes Excellent read!

The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy. By Connor Jones.

A leading Microsoft security executive said the efforts of law enforcement to try and shut down ransomware operations aren’t enough to provide a meaningful deterrent.

“The problem with the efforts by law enforcement globally to try to address ransomware is that the challenges of conducting traditional law enforcement investigations and prosecutions against ransomware actors are just too difficult given the the cross-border nature of that activity, the fact that a lot of the actors are beyond the reach of law enforcement that care about this issue. It’s just too difficult,” said Burt.

Asked about the nature of ransomware organisations’ evolving tactics, such as triple extortion, Microsoft said the primary development in tactics, techniques, and procedures (TTPs) is in how they evade detection. Interesting read!

TLS, or transport layer security, is a protocol used across the globe to encrypt and secure communication over the internet. In this article, we’ll discuss what TLS is, what benefits it provides, and why you need it. Then we’ll walk through implementing TLS in Java. By Himanish Munjal.

The article then goes and explains:

• What is TLS?
• The importance of TLS
• Core concepts
• Implementing TLS in Java

If you have created a Java application that communicates over the internet, it’s necessary to implement TLS at both client and server side. TLS ensures that the data is safely transferred by providing encryption and integrity, and also helps in authentication of both parties. Good read!

At some point you have probably come across a website that uses an autocomplete text box, drag and drop, or scroll based animations. If you have then chances are also pretty high that you have encountered debouncing and/or throttling without even realizing it. By @webdevsimplified.com.

First I want to talk about debounce since debounce is the ideal solution for things like autocomplete text boxes. Debouncing works by delaying our function call by a set period of time. If nothing happens during that time then the function will run just like normal, but if something happens that causes the function to be called again during the delay then the delay will be restarted.

Like debounce, throttle is also used to limit the number of times a function is called, but, unlike debounce, throttle will call the function passed to it every time the delay ends as long as the trigger for the function is still happening. For example, if our delay is set to 1 second then our throttled function will execute immediately when it is called and then at most once per second while the user is actively typing.

Anytime you are dealing with groups of events that you want to group together debounce and throttle are perfect. They save you money on server costs, save your users money on data costs, and overall make your app more performant. Nice one!

This guide describes, what of the different configurations described in those guides is already implemented as default in the nginx implementation of kubernetes ingress. By @kubernetes.github.io.

There are several ways to do hardening and securing of nginx. In this documentation two guides are used, the guides are overlapping in some points:

• nginx CIS Benchmark
• cipherlist.eu (one of many forks of the now dead project cipherli.st)

Be aware that this is only a guide. Some of the configurations may lead to have specific clients unable to reach your site or similar consequences. The guide clearly depicts what needs to be configured, what is obsolete due to the fact that the nginx is running as container (the CIS benchmark relates to a non-containerized installation) and what is difficult or not possible. Nice one!

Until 2022, NGINX supported the well-known ModSecurity open-source WAF solution and OWASP Core RuleSet Signatures. However, following Trustwaves End-of-Life notice about ModSecurity, and possibly related also to the acquisition of NGINX by F5, NGINX announced in May 2022 that it will end of life ModSecurity, leaving NGINX open-source with no open-source security solution. By Christopher Lutat.

In this article, authors will briefly compare the NGINX App Protect signature-based WAF solution and a new open-source initiative called “open-appsec,” which builds on machine learning. open-appsec provides preemptive web app and API threat protection against OWASP-Top-10 and zero-day attacks, and it can be deployed as an add-on to both NGINX and NGINX Ingress open-source and premium (Plus) versions.

NGINX App Protect WAF is based on the traditional F5 signature-based WAF solution, with good coverage for OWASP-Top-10 and other common attacks. The App Protect WAF comes with two policies - Default and Strict. The Default policy provides OWASP-Top-10 protection.

open-appsec is a new open-source initiative that builds on machine learning to provide enterprise web application and API security with the visibility, protection and manageability that is required by modern workloads that updates frequently and are based on are often based on many 3rd party components not in full control of the developers. For DevOps/DevSecOps and AppSec teams, open-appsec:

• protects web applications and APIs preemptively against OWASP-Top-10 and zero-day attacks using machine learning with no threat signature upkeep required
• blocks attacks such as Log4Shell, Spring4Shell and Text4Shell with default, settings and no updates required, due to its preemptive nature
• delivers precise threat prevention through continuous learning, finding attacks while eliminating the manual tuning and exception creation inherent to traditional WAFs

Signature-based solutions are well-proven, but they are reactive by nature, meaning that often signatures aren’t available until after vulnerabilities have been known for some time and exploits are put into circulation. In many high profile High and Critical risk zero-day attacks that happened in the last year. Good read!

On 1 June 2022, a Google Cloud Armor customer was hit with a Distributed denial-of-service (DDoS) attack over the Hypertext Transfer Protocol Secure (HTTPS) protocol that reached 46 million requests per second (RPS), making it one of the largest ever recorded Layer 7 DDoS attacks reported this year. By Debashis Pal.

In Wireshark, tls.handshake.type == 1 will show all instances of Client Hello. If there are too many of these packets coming from the same source IPs, this could be an attack …

This article is good analysis of Layer 7 attacks:

• HTTP flood DDoS attack
• How to analyse for HTTP flood attacks
• HTTP pipelining attack
• How to analyse HTTP pipelining
• SSL renegotiation and HTTPS flood DDoS attack
• How HTTPS works
• SSL/TLS renegotiation
• How to analyse for thc-ssl-flood attacks
• HTTPS flood DDoS attack
• How to analyse for HTTPS flooding

HTTP floods consist of a continuous legitimate session of HTTP GET or HTTP POST that GET and POST requests to a targeted web server. These requests are specifically designed to consume a significant amount of the servers resources. To achieve maximum impact, malicious actors usually employ botnets — many devices infected with malware. Malicious actors may also use other HTTP methods such as PUT and DELETE to make the attack more complex. Very informative!

During the pandemic, the use of Maersk App skyrocketed. To meet the growing number of feature requests and scale our solution, a different approach was required. Keeping up with requirements to solve the business needs of our customers was challenging and time-consuming as all development had to be done twice for two native (Android and iOS) apps. Over time, tech debt for maintaining two codebases was getting high as the underlying platforms changed as well as new features and services for our customers in a rapidly growing userbase. By Gaurav Bhatnagar, Satish Kumar.

The challenge was to upskill our engineers;no one had prior experience with Dart or Flutter. We had to take three (Android, iOS, and Web) distinctive teams from diverse backgrounds and bring them together. This was a rigorous process, and we got great support from the engineers. Flutter’s documentation is excellent for beginners and the familiar widget tree structures helped engineers to start contributing quickly.

The article then describe teams journey to Flutter:

• Why Flutter?
• Learning the ropes
• The main course
• Robust booking journey
• Revised UI with reusable components
• Customer feedback
• Phenomenal benefits

The Maersk App team has continued to add features at a rapid rate. Having Flutter as our main technology has significantly reduced technical barriers, allowing new engineers to be able to contribute to our app within days after being onboarded. By using a single framework to ship two apps we can get creative and create something amazing. Excellent read!

We are in a state where companies are releasing software and solutions within minutes, and they are doing so by following the Continuous integration (CI) and continuous delivery (CD) set of operating principles. By Himanshu Sharma.

A CI/CD pipeline makes the automatic delivery of your software more frequent, reliable, and secure. It focuses on higher code quality, and that’s why it is vital for a mobile developer or team. Flutter is an open source framework by Google for building beautiful, natively compiled, multi-platform applications from a single codebase.

The article will help yuo to make sense of:

• What is GitHub Actions?
• Use a basic Flutter action to build an Android release
• How can you make your workflow faster?
• Prepare for the Play Store release
• Sign the app
• Deploy the app
• Flutter web release to GitHub pages

In this tutorial, you learned about how to set up a GitHub Actions workflow to deploy your Flutter app across the Web and Android. For the next step, you can copy and modify the workflow to directly release the app to the app store or learn about other alternatives of GitHub Actions like CircleCI, GitLab CI, Jenkins, and more. Nice one!