Security

I’ve been writing recently about best practices for patching and deprecating Docker images , but today I want to show how to automate a huge part of this process. You might already hear about Dependabot1, it’s a Github’s way to notify developers about security vulnerabilities in their projects. Renovate2 is similar tool3, but doesn’t require Github. For my professional work I use Bitbucket, so Renovate feels more universal as can be used anywhere....

Intro One of the biggest benefits of Docker images is their immutability. Once they’re built, they don’t change. Built once, would work forever… That’s how nightmares of security guys starts 🤣 We have then two contradictory concepts: flowchart LR id1(Keep it stable) <---> id2(Keep is up to date and secure) For day to day work, usually first concept wins. You want your builds stable and try to avoid tempting distractions of upgrading log4j to latest version… Who knows what might break....

What I want to do? I use my pool to securely store backups, archive my old documents and keep huge family’s photo library. I have new disks. They were tortured with badblocks , so they’re ready to create ZFS pool. I’ve read few documents about different approaches 1 2 3. I wanted to be sure if anything changed during past years. One of articles recommends mirroring over RAIDZ. Resilvering is faster, at the same time putting IO less stress on whole pool....

Bezpieczeństwo aplikacji webowychAuthors: Michał Bentkowski, Gynvael Coldwind, Artur Czyż, Rafał Janicki, Jarosław Kamiński, Adrian Michalczyk, Mateusz Niezabitowski, Marcin Piosek, Michał Sajdak, Grzegorz Trawiński, Bohdan Widła ksiazka.sekurak.pl

DevOpsŚwiatowej klasy zwinność, niezawodność i bezpieczeństwo w Twojej organizacji Authors: Gene Kim, Patrick Debois, John Willis, Jez Humble, John Allspaw helion.pl

Broń matematycznej zagładyJak algorytmy zwiększają nierówności i zagrażają demokracji Author: Cathy O'Neil helion.pl

Cisza w sieciAuthor: Michał Zalewski helion.pl

Black Hat PythonJęzyk Python dla hakerów i pentesterów Author: Justin Seitz amazon.plempik.comhelion.pl

Sztuka podstępuŁamałem ludzi, nie hasła Authors: Kevin Mitnick, William L. Simon helion.pl

I watched nice presentation about how Cloudflare protects itself against DoS. Most of us are not able to do that exactly like them but some of tips were general enough to be used on typical web front server. I took notes from this presentation and presented here. Thanks to Marek agreement I also reposted all examples (in easier to copy paste way). Howto prepare against ACK/FIN/RST/X-mas flood Use conntrack rule:...