Published on December 6, 2017 by John Poulin
As Jonn Callahan and I sat at AWS re:Invent this year, one thing kept coming up in our conversations: inspiration. Between the exciting new service releases, the innovative use cases, and the great networking events, it was hard to go to bed at night without compiling a list of all of the things we want to build, or how we can modify our current architecture to scale better at a lower cost point.
We wanted to share a list of the features and services we think will have the most impact on our architectural designs, or that will best help our clients stay secure.
Published on November 30, 2017 by Jack Mannino
The final version of OWASP Top 10 2017 was recently released and it has changed significantly from the 2013 version. Within various release candidates of the 2017 list, there were significant changes as well. While the significant issues with the RC1 release were well-documented and analyzed, RC2 and the final Top 10 have been a course correction for the project and a net-positive overall. Of the major changes in the final version, one of the biggest debates has centered around the removal of Cross-Site Request Forgery (CSRF) and additions of Insecure Deserialization and XML External Entities (XXE). This post focuses on analyzing why we believe it made sense to demote CSRF and focus on lesser “fixed” areas in our code and frameworks.
Published on November 16, 2017 by Jack Mannino
Microservices allow you to build your applications as services that are deployed and maintained independently. While many software organizations have been using microservices and containers for years, a considerable number are still in the early phases of adopting them and migrating their legacy architectures heading into 2018. Microservices have a lot in common with Service-Oriented Architectures (SOA), but have their own unique properties too. Compared to traditional monolithic software development, microservices speed up our deployments, let us iterate faster, and take full advantage of modern computing platforms. There are great benefits to using microservices, but there are also many architectural complexities to consider as well as cultural and procedural issues to solve. Keeping your architecture secure with decentralized governance can be challenging and requires us to think carefully upfront about how to scaffold security within our core design and habits.
Published on November 7, 2017 by Jack Mannino
Published on October 24, 2017 by Jack Mannino
Continuing our blog series on technologies we love and use internally at nVisium, let’s take a stroll through the park with Kubernetes. We’ve implemented Kubernetes to deploy and scale our containerized microservices, which allows us to easily spin up and manage new services and focus on new features rather than managing containers and infrastructure. However, the speed and simplicity with which you can deploy complex applications with a few strokes of the keyboard can also be our enemy if we don’t bake security into our design. This post is the first in an eight-part series that will explore the broad surface and internals of securely designing your systems as powered by Kubernetes.
Published on October 4, 2017 by Jack Mannino
Play 2.6 final was recently released and it includes a ton of awesome new features. Some of the most exciting features include: replacing Netty with Akka HTTP Server as the default backend as well as shipping with experimental HTTP/2 support (finally!). From a security perspective, Play 2.6 introduces new features and settings you want to take advantage of.