Top 10 common types of network security attacks explained

Tags cloud infosec devops cio app-development

Network security attacks have gained momentum over the past years, which highlights the need for network defenders. Learn more about network security attacks and their types. By CISOMAG.

With online shared resources for storing sensitive data and trade secrets gaining prominence, and data exchange moving to cloud infrastructure, the risks are enormous.

Common types of networking attacks:

  • Computer virus
  • Malware
  • Computer worm
  • Botnet
  • Phishing
  • DoS (Denial of Service) and DDoS attacks
  • 5G-based attacks
  • Ransomware
  • SQL Injection Attacks

No network, no matter how secure, is safe from intrusions and cybercriminals. Some of the severe emerging threats to network security are DDoS attacks, man-in-the-middle attacks, phishing attacks, inadequate network protocols, and ransomware attacks. Good read!

Introduction to OWASP top 10 2021

Tags cloud infosec devops cio app-development

Welcome to the latest installment of the OWASP Top 10! The OWASP Top 10 2021 is all-new, with a new graphic design and an available one-page infographic you can print or obtain from our home page. By @owasp.

There are three new categories, four categories with naming and scoping changes, and some consolidation in the Top 10 for 2021.

These are some of the top 10 security issues:

  • A01:2021-Broken Access Control moves up from the fifth position; 94% of applications were tested for some form of broken access control. The 34 CWEs mapped to Broken Access Control had more occurrences in applications than any other category.

  • A02:2021-Cryptographic Failures shifts up one position to #2, previously known as Sensitive Data Exposure, which was a broad symptom rather than a root cause. The renewed focus here is on failures related to cryptography, which often lead to sensitive data exposure or system compromise.

  • A03:2021-Injection slides down to the third position. 94% of the applications were tested for some form of injection, and the 33 CWEs mapped into this category have the second most occurrences in applications. Cross-site Scripting is now part of this category in this edition.

  • A04:2021-Insecure Design is a new category for 2021, with a focus on risks related to design flaws. If we genuinely want to “move left” as an industry, it calls for more use of threat modeling, secure design patterns and principles, and reference architectures.

… and more. Follow the link to the original blog to learn more and see a graphical comparison against 2017. Nice one!

Observing gRPC-based microservices on Amazon EKS running Istio

Tags aws kubernetes open-source containers devops programming

Observing a gRPC-based Kubernetes application using Jaeger, Zipkin, Prometheus, Grafana, and Kiali on Amazon EKS running Istio service mesh. By Gary A. Stafford.

According to the gRPC project, gRPC is a modern open source high-performance Remote Procedure Call (RPC) framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking, and authentication. gRPC is also applicable in the last mile of distributed computing to connect devices, mobile applications, and browsers to backend services.

In this post, we will examine those same observability tools to monitor an alternate set of Go-based microservices that use Protocol Buffers (aka Protobuf) over gRPC (gRPC Remote Procedure Calls) and HTTP/2 for client-server communications as opposed to the more common RESTful JSON over HTTP. We will learn how Kubernetes, Istio, and the observability tools work seamlessly with gRPC, just as they do with JSON over HTTP on Amazon EKS.

Also in the article:

  • Protocol buffers
  • Reference application platform
  • Converting to gRPC and protocol buffers
  • gRPC Gateway
  • Alternatives to gRPC Gateway
  • Istio VirtualService and CORS
  • Pillar 1: Logs
  • Pillar 2: Metrics
  • Pillar 3: Traces
  • Kiali: Microservice observability
  • Zipkin

… and more. You will find plenty of code examples and screen grabs explaining the concepts in the article. This is a treasure chest full of links to other resources to enhance your DevOps and site reliability engineering. Excellent!

Intro to Scala 3 macros

Tags scala java jvm programming

What is a macro? A common explanation given is that a macro is a program that is able to take code as an input and output code. While it’s true, it might not immediately make sense, since Scala programmers are often familiar with higher-order functions like (map {…}) and by-name parameters, which on the surface might seem like passing a block of code around. By @eed3si9n.

The article is split into these sections:

  • Quotes and Splices
  • Quotes Reflection API
  • Tree
  • Printer
  • Literal
  • FromExpr typeclass
  • Position
  • TypeRepr
  • AppliedType

… and more. You will also get the code examples for each concept explained.

Macros in Scala 3 bring out a different level of capability in programming, which is to manipulate the shape of source code using Scala syntax itself, and also to directly interact with the type system. Where possible, we should opt to use the Scala syntax to construct the quoted code instead of programmatically constructing the AST via the (Quote) Reflection API. Good read!

The digital path to growth – sensors and handling data

Tags cio iot analytics big-data data-science management database

There are discussions being held today around the hot commodity, “data”. Data has also been evolving at an unprecedented pace and affecting our lives directly with its mammoth influence on industries as varied as healthcare, education, banking and finance. By Australian Manufacturing Forum @aumanufacturing.

In the latest industrial revolution, Industry 4.0, we are monitoring, analysing and utilising unprecedented levels of data attained on the shop floor, thanks to the developments in the advanced manufacturing practices and techniques.

The article also mentions:

  • The development of data collection in smart manufacturing
  • The developments of data analysis in smart manufacturing
  • Three paradigms of data analysis
    • physical modeling
    • machine learning
    • deep learning

In data-driven manufacturing practices, the huge amounts of data gained from the plant floor, whether held on premise or in-cloud, will not stack up without proper interpretation through new analysis tools and methods.

The long-term planning approach, “Think big, start small,” can help manufacturers reap the benefits of technologies mentioned above, reviving local manufacturing industries to the 1960s levels of nearly 30 per cent of GDP, compared to today’s 5.6 per cent. Good read!

How to build an effective API strategy in 2021

Tags app-development cio apis devops management

Application Programming Interfaces (APIs) are the building blocks of modern digital ecosystems. They’ve collapsed data silos, allowing businesses to streamline their operations. By David Campbell.

APIs have become a strategic move that every business must adopt. That’s what’s happening. The growth of API traffic is witnessed across different industries.

The article content is focused on:

  • What are the benefits of having an effective API strategy?
  • Putting together a solid API strategy
    • Align the digital strategies
    • Align the organization’s culture and mission
    • Select the appropriate API platform and tools
    • Distribute clear up-to-date documentation
    • Create the appropriate API architecture and infrastructure
    • Set up a test API project
    • Begin creating a digital ecosystem
  • Bottom line

APIs are increasingly popular for good reasons. They boost collaboration, reduce the time to market for new products, promote innovation, enhance marketing strategies, and so on. Good read!

Test like you fly - intro

Tags app-development tdd devops software-architecture agile performance

In contrast to all the other important test methodologies, “Test Like You Fly”, or TLYF for short, emphasizes testing to find fundamental flaws in a system that will prevent it from performing the mission. Most testing methodologies strive to confirm that requirements - the input to our designs - are being met by the system as written. By Tim Chambers.

TLYF is all about confirming that the system - as a whole - will operate in the environment it is designed to operate, the environment we typically refer to as “live” or “production”. It is vitally important to find what doesn’t perform as expected and to understand the reasons for this anomalous behavior, especially where such defects can degrade, cripple, or abruptly end a mission.

In our testing strategies we frequently attempt to isolate the component under test - large or small - from the rest of the system. We know what we want to test, and fine-grained or coarse, we test segments of the system. The larger the component, or the broader the test, the more we tend to try and prove it WILL work - work “as designed”.

TLYF comes at the system from the other direction. Testing Like You Fly is designed to drive the system, as completely as possible, as it will exist in production. It demonstrates that the mission of the system or application can achieve success, not that it merely meets requirements. All components are wired together and available in as real-world an environment as is possible. Read this article in full to get some very interesting insights!

Best practices for load balancing Kubernetes containers

Tags app-development kubernetes software-architecture cio agile

Some organizations have hundreds of small containers across many different servers in different development, test, and production environments. This can be tricky to manage, which is why companies have turned to Kubernetes for container orchestration. By Craig Risi.

This has made Kubernetes not only a vital part of many development pipelines but also a central system and potential performance bottleneck that needs to be managed and balanced to ensure optimized performance.

The article deals with:

  • How to set up a load balancer on Kubernetes
  • Enable the readiness probe on a deployment
  • Enable CPU/Memory requests and limits
  • Flag when RBAC rules change
  • Control the container images deployed into your cluster
  • Apply network policy to your deployments
  • Flag any service account changes
  • Adjusting POD toleration

Applying Security Groups policies to your VMs or your Kubernetes worker nodes is considered essential to security. We should do the same with Kubernetes workloads. And load balancing is essential to keeping your Kubernetes clusters operational and secure at a large scale. Good read!

How to undo (almost) anything with Git

Tags app-development cloud devops containers agile

One of the most useful features of any version control system is the ability to “undo” your mistakes. In Git, “undo” can mean many slightly different things. By Joshua Wehner.

When you make a new commit, Git stores a snapshot of your repository at that specific moment in time; later, you can use Git to go back to an earlier version of your project.

The article will give you more info on how to:

  • Undo a “public” change
  • Fix the last commit message
  • Undo “local” changes
  • Reset “local” changes
  • Redo after undo “local”
  • Once more, with branching
  • Branch in time saves nine
  • Mass undo/redo
  • Fix an earlier commit
  • Stop tracking a tracked file

Each section has a scenario with a description of the command(s) and an explanation of what is happening behind the scenes. An older article, but evergreen. Nice one!

Redis at the Edge with Cloudflare Workers

Tags app-development cloud software-architecture nosql performance

Computing at the Edge is one of the most exciting capabilities in recent years. CDN allows you to keep your files closer to your users. Edge computing allows you to run your applications closer to your users. This helps developers to build globally distributed, performant applications. By Enes Akar.

Cloudflare Workers is the leading product in this space right now. It gives you a serverless processing environment without cold starts. You leverage Cloudflare’s global network to minimize latency of your applications. You can write your functions in JavaScript, Rust, C and C++.

The article also deals with:

  • Comparing with Cloudflare Workers KV
  • Analytics at the Edge
  • Cloudflare workers code
  • Analytics tool code
  • Upstash edge roadmap

Similar to serverless functions (AWS Lambda etc.), Cloudflare Workers are stateless. Unfortunately, most databases are not designed for serverless environments; they require persistent connections. We developed the REST API over Redis to enable serverless edge functions to access Upstash in the simplest and fastest way possible. Good read, with a link to the code used in the article.
