Category Archives: General

[Recommended Reading] Marshall Goldsmith

Source: Marshall Goldsmith Wikipedia

“Marshall Goldsmith (born March 20, 1949) is an American leadership coach and the author of several management-related books.” Read more…

Image source.

Advertisements

Leave a comment

Filed under Books, General, Leadership, Management, People, Recommendations

[Recommended Reading] OWASP Application Security Verification Standard Project

Source: OWASP Application Security Verification Standard Project

“The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.

The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:

  • Use as a metric – Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications
  • Use as guidance – Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
  • Use during procurement – Provide a basis for specifying application security verification requirements in contracts.

Read more…

Image source.

Leave a comment

Filed under InfoSec, Recommendations, WorldOfSecDevOps

[Recommended Reading] XML external entity attack

Source: XML external entity attack Wikipedia

“An XML External Entity (XXE) attack is a type of computer security vulnerability typically found in Web applications. XXE enables attackers to disclose normally protected files from a server or connected network. Read more…

Image source.

Leave a comment

Filed under General, InfoSec, Recommendations, WorldOfSecDevOps

[Recommended Reading] Microservices

Source: Microservices Wikipedia

“A ‘microservice’ is a software development technique—a variant of the service-oriented architecture (SOA) architectural style that structures an application as a collection of loosely coupled services. In a microservices architecture, services are fine-grained and the protocols are lightweight. The benefit of decomposing an application into different smaller services is that it improves modularity and makes the application easier to understand, develop, test, and more resilient to architecture erosion. It also parallelizes development by enabling small autonomous teams to develop, deploy and scale their respective services independently. It also allows the architecture of an individual service to emerge through continuous refactoring. Microservices-based architectures enable continuous delivery and deployment. Read more…

Image source.

Leave a comment

Filed under General, InfoSec, Recommendations, Site Reliability Engineering, WorldOfSecDevOps

[Recommended Reading] Feature toggle

Source: Feature Toggle Wikipedia

“A feature toggle (also feature switchfeature flagfeature flipperconditional feature, etc.) is a technique in software development that attempts to provide an alternative to maintaining multiple source-code branches (known as feature branches), such that a feature can be tested even before it is completed and ready for release. Feature toggle is used to hide, enable or disable the feature during run time. For example, during the development process, a developer can enable the feature for testing and disable it for other users. Read more… “

Image source.

Leave a comment

Filed under General, InfoSec, Recommendations, Site Reliability Engineering, WorldOfSecDevOps