DevOps Security Practices at Codica: How We Create Secure Web Products
The article was initially published in the Codica blog.

Computers and networks have transformed many aspects of our everyday routines. This evolution has resulted in new learning and communication techniques as well as security requirements for virtual systems. This article explores the crucial concepts necessary for robust security. We also share Codica’s experience in using them to ensure safety in custom web solutions.

What is security, and why is it important?

Security is the protection of your systems against external threats. It relies on different layers and procedures. A protected solution helps you avoid the related business risks and instability in the solution’s work.

It is worth noting that security is not a limited set of tools. Rather, it is a set of both tools and guidelines that help protect your solution. As threats constantly change, so do the security guidelines. The most common model that represents typical threats is STRIDE, developed by Microsoft. The acronym denotes different security leaks, such as unauthorized modification or distribution of data.

The most important security tools include the following:
- Firewalls,
- Intrusion Detection System (IDS),
- Antivirus,
- Encryption tools,
- Packet sniffers,
- Penetration Testing.

The instruments constantly evolve. For example, firewalls changed, as presented in the image below.

Security concepts are standardized under the CIA and AAA models, which help us in our practice. CIA stands for confidentiality, integrity, and availability. It states the importance of protecting data against unauthorized access and changes. The AAA term means authentication, authorization, and accounting. It means verifying the user’s identity through a step-by-step verification process. You can see the whole process in the picture below.

The security concepts and models help streamline an efficient approach to protecting solutions.
We discuss Codica’s practices below as an example of the successful implementation of the security principles.

Security pillars in product development: Codica’s experience

At Codica, we use AWS cloud services for managing infrastructure security. We manage our infrastructure with code. The Infrastructure as Code (IaC) approach allows for scaling and cost saving. It also enables you to move the extensive security processes to the primary cloud provider.

That is why we use Terraform for our web projects. It allows us to create and update the AWS infrastructure. Through Terraform, you can ensure an accurate result “as expected”. Furthermore, you can create more infrastructures if you need better fault tolerance and higher availability.

For monitoring API activity, we use CloudTrail. This is a service that continuously records events in an AWS account. You can read more in AWS Documentation.

With that said, we will discuss with examples how you can improve security with AWS tools and services.

Infrastructure security

As we work with the AWS infrastructure as a service, we take care that this environment is protected from our side. For example, when creating any resource, you can run the code through the tfsec security scanner and see what improvements and security-related fixes you can make. These may include adding descriptions for better auditing, as well as reworking security groups' ingress rules.

Also, it is usually essential to allow only inside-VPC traffic, which helps make ingress rules more efficient. Besides, we recommend using the security group rule resource. Thus you will be able to modify security groups without recreation.

Inventory and configuration management

These operations are necessary to monitor the architecture’s state. For example, thanks to configuration recording, we can see that our server configuration or security groups changed and take some actions in response.
To see the current state of architecture, we use tfsec, terrascan, and driftctl for security scans and config recording (with Terraform states). Below is a typical layout of Terraform infrastructure.

CloudWatch metric filters against the CloudTrail log group also help us in our work by notifying us about changes or unauthorized API activity. We also follow GitOps practices, which enable us to keep updates to the infrastructure configuration in the repository.

Cost control and cost optimization are also vital when building solutions. To optimize the costs, we use Infracost.

Data encryption

Encryption means turning data into a secret code. It conceals the data that you send or store. In our practice, we do not encrypt all data as it is inefficient. But it is necessary to understand what data needs to be encrypted.

For example, we encrypt confidential data. We use KMS for that. This is the Amazon service that helps create and control keys for encrypting data kept in AWS.

Also, we encrypt a database and place it in private subnets within our subnet group. This is done in combination with a well-made ingress rule and choosing a long username and password (or using IAM authentication). These methods will help you keep your database secure and save you from a lot of problems in the future.

Identity and access

Access control is vital for protecting the environment against unauthorized and harmful actions. So, we use AWS Identity and Access Management (IAM). This instrument helps us create users and assign them certain policies. So, we can control which AWS resources and services they access.

In our practice, we also always use multi-factor authentication (MFA) for console users. When we need to provide developers or applications with access to AWS, we apply strict policies. For application credentials, we use per-service policies and create separate users and roles.
Monitoring and logging

In simple words, logging means recording information about processes in an application or environment. To do this, we write them to CloudWatch log streams. You need to set up tools for that.

If monitoring is tuned right, we get notified about downtime within just a few seconds of it appearing. Thanks to monitoring, we see if the application stopped working for some reason and understand why there is an issue in performance.

Based on our DevOps security practice, we’ve chosen the Prometheus stack as the best set of tools for our needs. It includes Alertmanager for notifications, Grafana for visualization, and a list of different exporters. Also, we use PagerDuty to see if there are any alerts. This tool also sends us notifications to a few different endpoints, including Slack and email.

Container security

Container security means protecting and securing the containerized environment OS and the host OS, as well as the applications. In our practice, we use multi-stage Dockerfiles and custom users, and we do not add any sensitive data to Dockerfiles.

Other recommendations that come from our experience include packing minimum data into images. Also, we create images that will not install or pull any updates or run similar processes at the start. In our practice, we use Docker’s BuildKit and Kaniko image-building engines.

Conclusion

Security is one of the vital aspects of a solution. At Codica, we ensure it with proven tools and by applying best practices. If we get a request from our client on scaling a solution, we are eager to revise the security aspects of the solution architecture.

If you need a reliable software solution, contact us. Our team will help you build, secure, and optimize your product.
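The two checks named under "Infrastructure security" above (a description on every rule for auditing, and ingress limited to inside-VPC traffic) can be run against a Terraform plan before it is applied. This is an added example, not Codica's code: the function names, the VPC CIDR 10.0.0.0/16 and the sample plan are constructed for illustration, and the check goes slightly beyond the text by also covering inline ingress blocks on aws_security_group.

```python
import ipaddress
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_security_group_rule.db_from_app", "type": "aws_security_group_rule",
  "change": {"actions": ["create"], "after": {"type": "ingress", "protocol": "tcp",
   "from_port": 5432, "to_port": 5432, "cidr_blocks": ["10.0.1.0/24"],
   "description": "Postgres from app subnet"}}},
 {"address": "aws_security_group_rule.ssh_any", "type": "aws_security_group_rule",
  "change": {"actions": ["create"], "after": {"type": "ingress", "protocol": "tcp",
   "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"], "description": null}}},
 {"address": "aws_security_group.legacy", "type": "aws_security_group",
  "change": {"actions": ["update"], "after": {"description": "Legacy web tier",
   "ingress": [{"protocol": "tcp", "from_port": 443, "to_port": 443, "description": "",
    "cidr_blocks": ["10.0.0.0/16", "203.0.113.0/24"]}]}}},
 {"address": "aws_security_group_rule.old", "type": "aws_security_group_rule",
  "change": {"actions": ["delete"], "after": null}}
]}
""")


def ingress_rules(rc):
    """Yield planned ingress rules from rule resources and inline ingress blocks."""
    after = (rc.get("change") or {}).get("after") or {}  # null when deleted
    if rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after
    elif rc.get("type") == "aws_security_group":
        yield from after.get("ingress") or []


def review_ingress(plan, vpc_cidr):
    """Return sorted (address, finding) pairs for rules that need attention."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = set()
    for rc in plan.get("resource_changes", []):
        for rule in ingress_rules(rc):
            if not rule.get("description"):
                findings.add((rc["address"], "ingress rule has no description"))
            for cidr in rule.get("cidr_blocks") or []:
                if not ipaddress.ip_network(cidr, strict=False).subnet_of(vpc):
                    findings.add((rc["address"], f"ingress from {cidr} is outside VPC {vpc_cidr}"))
    return sorted(findings)


if __name__ == "__main__":
    for address, finding in review_ingress(SAMPLE_PLAN, "10.0.0.0/16"):
        print(f"{address}: {finding}")
```

To run it on a real project, save a plan with `terraform plan -out=plan.bin` and pass the parsed output of `terraform show -json plan.bin` to `review_ingress`.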
Why React Native App Development is Most Favourable?
Are you looking for a React Native app development solution for your business? Here we provide an A-to-Z solution for React Native mobile apps for every field of business. Mobile app development is quite a difficult process when you are developing for the Android and iOS platforms. Nowadays, technological advancement and innovation make your application development process easier. In this flow of innovation, React Native is one of the most popular and in-demand software frameworks.

React Native is a very favorable and in-demand open-source framework. It offers many advantages: it is easy to learn, only minor changes are needed for an app to work on both Android and iOS, reloading does not take much time, there are native components for both Android and iOS, it has the widest library, no Mac is required while working on iOS, and it provides cross-platform compatibility, reusable code with pre-built components, a familiar programming language, stable apps, third-party plug-in support, a rich UI, and quick live updates.

Many mobile app development companies choose to develop their apps with React Native because of the single-code strategy, which helps them run their apps on both Android and iOS platforms. Through this process, you can create apps in less time and at minimum cost. So, the React Native app development process offers many unique benefits: it is quick to build with, stable, and of high quality, which gives the best experience of native applications within one platform.

At Info Stans, we provide the most trusted resource for React Native developers who have extensive industry experience and are capable of taking on any type of React Native project in many industries, such as dating app development, real estate app development, healthcare, transport, food delivery, education, and more.
Install and run DevTools from Android Studio & VS Code
DevTools is the ultimate tooling suite, with layout inspection tools, memory tools, and especially performance tools. Dart and Flutter developers mostly prefer DevTools because it saves time in the process. These tools are quite an efficient option for effective Flutter development. They are bundled into a single web suite, which provides more features.

Need for using DevTools:

DevTools or Chrome Developer Tools provides developers with better access to the internal workings of web browsers as well as apps. Chrome DevTools lets you easily see the styles used, the size of images, and the scripts that are used. It is quite a convenient option for debugging errors on the page. A leading Flutter development company brings you a convenient option to install and run DevTools for a wide number of applications.

Flutter DevTools is a suitable option for easily performing a wide number of operations, such as:
- Diagnose UI jank performance
- UI inspection
- Network profiling for an app
- Debug memory issues
- CPU profiling with DevTools
- Diagnose issues with Flutter apps
- App state inspection
- View general log and diagnostics information of an app
- Source-level debugging of an app
- Analyze your code

How to install DevTools from Android Studio?

Android Studio is the fastest developer tool suitable for easily building market-leading apps. It is a suitable option for accelerating performance. It comes with a number of features, such as a flexible build system, an intelligent code editor, and real-time profilers. It eliminates tiresome tasks and optimizes code workflows.
Installing DevTools from Android Studio is quite easy with the steps below:
- Install the Flutter plugin in Android Studio
- Android Studio settings
- Open plug-ins page
- Search flutter in the marketplace
- Install plugin
- Run Flutter app
- Ensure the device is connected to the project
- Click Run or Debug toolbar buttons
- Launch DevTools from Menu in Flutter project
- App runs successfully
- Start DevTools by implementing the following instructions
- Open Run
- Open DevTools toolbar action
- DevTools toolbar action will be visible
- DevTools action from more Actions menu
- View in Flutter project

Installing the Flutter plugin:

To install and run DevTools from Android Studio, it is necessary to install the Flutter plugin. This is done on the normal Plugins page in the Android Studio settings. On that page, search the marketplace for the Flutter plugin.

How to start the app to debug?

To open DevTools, it is necessary to run the Flutter app. This is done by opening the Flutter project and ensuring the device is connected to it. Then you can click the Debug or Run button.

Steps to launch DevTools from the toolbar or menu:

When the app is running, you need to start DevTools using any of these methods:
- Choose the “Open DevTools toolbar” action in Run view
- Choose the “Open DevTools toolbar” action in Debug view
- Choose the “Open DevTools” action from the More Actions menu in the Flutter Inspector view

It is also possible to open DevTools using the IntelliJ action. This can be done using the Find action dialog, or by pressing Command+Shift+A on the Mac. There you can search for the Open DevTools action and launch it. When you select the Open DevTools action, DevTools is automatically installed in the process. The browser then opens, pointing at the DevTools app.
When DevTools is opened with the IntelliJ action, it is not connected to the Flutter app. You need to provide the protocol port of the running app. This can be done in the inline connect dialog for a running app.

How to install DevTools using VS Code?

DevTools can also be installed using VS Code, which is one of the significant options for saving your time. Below are the steps to install DevTools using VS Code:
- Install the Flutter extension for debugging Flutter applications to use DevTools
- Launch application
- Debug your application
- Click “Run”
- Start Debugging (F5)
- Start Debugging
- The Dart Open DevTools command appears in the VS Code command palette when debugging starts
- You will be prompted to activate DevTools
- Click the ‘Open’ button
- Activate DevTools package
- DevTools launches in browser
- Connect to debug session

Install DevTools from command line:

When you have Flutter on your device, you can run the following command, which installs or updates DevTools on the device:
flutter pub global activate devtools

You can then launch DevTools directly with its application server, which runs a local web server:
flutter pub global run devtools

Now you can start the Flutter application or a Dart command-line application. For example, with a device connected:
cd path/to/flutter/app
flutter run

Flutter inspector:

The Flutter widget inspector is a tool for visualizing and monitoring Flutter widget trees in applications. In the Flutter framework, widgets are the core building block that controls all attributes. They maintain the layout, such as padding, rows, columns, and centering. The Flutter inspector helps to visualize and explore the widget trees.
It is a suitable option for understanding the existing layouts of the app. It is also a suitable option for diagnosing layout issues in applications.

Following are the features in the inspector’s toolbar in Flutter’s DevTools:
- Select widget mode
- Refresh tree
- Paint Baselines
- Debug Paint
- Slow Animations
- Repaint Rainbow allows rotating colors on layers
- Debug Mode Banner

Conclusion:

Above are the steps you can follow for installing and running DevTools from Android Studio. It is useful for the web developer to build directly into the Google Chrome browser, saving more time in the process.