
DevOps Security Practices at Codica: How We Create Secure Web Products

The article was initially published in the Codica blog.

Computers and networks have transformed many aspects of our everyday routines. This evolution has brought new ways of learning and communicating, and with them new security requirements for digital systems.

This article explores the core concepts behind robust security. We also share how Codica applies them to keep custom web solutions safe.

What is security, and why is it important?

Security is the protection of your systems against external threats. It relies on several layers of controls and procedures. A well-protected solution avoids the associated business risks and keeps the solution itself running stably.

It is worth noting that security is not a fixed set of tools. It is a combination of tools and practices that protect your solution. As threats constantly change, so must those practices.

The most common model for representing typical threats is STRIDE, developed by Microsoft. The acronym stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege, that is, categories of threats such as unauthorized modification or disclosure of data.

The most important security tools include the following:

- Firewalls,
- Intrusion Detection System (IDS),
- Antivirus,
- Encryption tools,
- Packet sniffers,
- Penetration Testing.

These instruments constantly evolve. For example, firewalls have changed over time, as presented in the image below.

Security concepts are standardized in the CIA and AAA models, which guide our practice.

CIA stands for confidentiality, integrity, and availability. It states the importance of protecting data against unauthorized access (confidentiality) and unauthorized changes (integrity), while keeping systems usable for legitimate users (availability).

The AAA term means authentication, authorization, and accounting: verifying who the user is, deciding what they are allowed to do, and recording what they did. Together they form a step-by-step verification process, which you can see in the picture below.

These security concepts and models help shape an efficient approach to protecting solutions. Below, we discuss Codica's practices as an example of how these principles are put into effect.

Security pillars in product development: Codica’s experience

At Codica, we use AWS cloud services for managing infrastructure security, and we manage that infrastructure with code. The Infrastructure as Code (IaC) approach allows for scaling and cost saving. It also lets you shift a large share of the security work to the primary cloud provider.

That is why we use Terraform for our web projects. It creates and updates AWS infrastructure declaratively, so the deployed result matches the code "as expected". Furthermore, you can stand up additional copies of the infrastructure when you need better fault tolerance and higher availability.

For monitoring API activity, we use CloudTrail. This service keeps a continuous record of the events in an AWS account. You can read more in the AWS Documentation.

With that said, we will discuss, with examples, how you can improve security with AWS tools and services.

Infrastructure security

As we work with AWS infrastructure as a service, it is our responsibility to protect the parts of this environment that we control.

For example, when creating any resource, you can run the code through the tfsec security scanner and see which improvements and security-related fixes it recommends.

Typical findings include missing descriptions (which matter for auditing) and overly broad ingress rules in security groups. In most cases, ingress should be restricted to traffic from inside the VPC, which keeps the rules tight and easier to reason about.

Besides, we recommend defining rules with the separate security group rule resource (aws_security_group_rule) rather than inline. Thus you will be able to modify individual rules without recreating the security group.
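
The "before" and "after" below, as an added example that is not Codica's code, show the pattern described above: a group with inline, undescribed, world-open rules next to a group whose rules live in separate aws_security_group_rule resources and admit only VPC-internal traffic. The VPC id and CIDR variables and all resource names are assumptions.

```hcl
# Added example (not Codica's code). Assumes an existing VPC whose id and CIDR
# are passed in as variables; resource and variable names are hypothetical.
variable "vpc_id"   { type = string }
variable "vpc_cidr" { type = string } # e.g. "10.0.0.0/16"

# BEFORE (for comparison only, do not apply): the shape of group that tfsec
# flags. Inline rules with no descriptions, and ports open to the whole internet.
resource "aws_security_group" "app_before" {
  name   = "app-before"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# AFTER: the group carries a description and no inline rules. Every rule is a
# separate aws_security_group_rule, so editing or removing one rule is an
# in-place change; the group (and everything attached to it) is not recreated.
resource "aws_security_group" "app" {
  name        = "app"
  description = "Application tier; accepts traffic only from inside the VPC"
  vpc_id      = var.vpc_id

  tags = { Name = "app" }
}

resource "aws_security_group_rule" "app_http_from_vpc" {
  type              = "ingress"
  description       = "HTTP from the load balancer and peers inside the VPC"
  security_group_id = aws_security_group.app.id
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = [var.vpc_cidr]
}

# No SSH rule at all: the hardened group opens only what the application needs.

# Terraform removes the AWS default allow-all egress rule from groups it
# creates, so egress must be stated explicitly; here only the database port.
resource "aws_security_group_rule" "app_postgres_to_vpc" {
  type              = "egress"
  description       = "PostgreSQL to the database tier inside the VPC"
  security_group_id = aws_security_group.app.id
  from_port         = 5432
  to_port           = 5432
  protocol          = "tcp"
  cidr_blocks       = [var.vpc_cidr]
}
```

Running tfsec over this file flags only the "before" group (public ingress, missing descriptions), which is the intended demonstration.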

Inventory and configuration management

These operations are necessary to monitor the state of the architecture. For example, thanks to configuration recording, we can see that a server configuration or a security group has changed and respond accordingly.

To see the current state of the architecture, we use tfsec, terrascan, and driftctl for security scans and configuration recording against the Terraform state. Below is a typical layout of Terraform infrastructure.

CloudWatch metric filters on the CloudTrail log group also help our work by notifying us about configuration changes or unauthorized API activity. We also follow GitOps practices, which keeps every update to the infrastructure configuration in the repository.
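
An added example (not Codica's code) of the CloudWatch metric filters mentioned above: two filters over the CloudTrail log group, one for API calls that IAM rejected and one for security group changes, each backed by an alarm that notifies an SNS topic. The log group name and topic ARN variables are assumptions.

```hcl
# Added example (not Codica's code). Assumes CloudTrail already delivers to the
# CloudWatch log group named in "cloudtrail_log_group" and that an SNS topic
# for notifications exists; both are passed in as variables.
variable "cloudtrail_log_group" { type = string }
variable "alerts_topic_arn"     { type = string }

# Filter 1: API calls that IAM rejected. The pattern uses CloudWatch Logs
# filter syntax; "*" inside the quoted value is a wildcard.
resource "aws_cloudwatch_log_metric_filter" "unauthorized_api_calls" {
  name           = "UnauthorizedAPICalls"
  log_group_name = var.cloudtrail_log_group
  pattern        = "{ ($.errorCode = \"*UnauthorizedOperation\") || ($.errorCode = \"AccessDenied*\") }"

  metric_transformation {
    name      = "UnauthorizedAPICalls"
    namespace = "CloudTrailMetrics"
    value     = "1"
  }
}

# One or more denied calls within a 5-minute window raises the alarm.
resource "aws_cloudwatch_metric_alarm" "unauthorized_api_calls" {
  alarm_name          = "cloudtrail-unauthorized-api-calls"
  alarm_description   = "IAM denied one or more API calls; check who and why"
  namespace           = "CloudTrailMetrics"
  metric_name         = "UnauthorizedAPICalls"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching" # no events means nothing was denied
  alarm_actions       = [var.alerts_topic_arn]
}

# Filter 2: any change to a security group, the "configuration changed" case.
resource "aws_cloudwatch_log_metric_filter" "security_group_changes" {
  name           = "SecurityGroupChanges"
  log_group_name = var.cloudtrail_log_group
  pattern        = "{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }"

  metric_transformation {
    name      = "SecurityGroupChanges"
    namespace = "CloudTrailMetrics"
    value     = "1"
  }
}

# With GitOps, every legitimate change arrives through the repository, so an
# alarm here that does not match a recent pipeline run is worth investigating.
resource "aws_cloudwatch_metric_alarm" "security_group_changes" {
  alarm_name          = "cloudtrail-security-group-changes"
  alarm_description   = "A security group was created, deleted or modified"
  namespace           = "CloudTrailMetrics"
  metric_name         = "SecurityGroupChanges"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching"
  alarm_actions       = [var.alerts_topic_arn]
}
```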

Cost control and cost optimization are also vital when building solutions. To optimize the costs, we use Infracost.

Data encryption

Encryption transforms data into a form that cannot be read without the corresponding key. It conceals the data that you send or store.

In our practice, we do not encrypt all data, as that would be inefficient. Instead, it is necessary to understand which data needs to be encrypted; confidential data, for example, always is. For this we use KMS, the Amazon service that creates and controls the keys used to encrypt data kept in AWS.

Also, we encrypt the database and place it in private subnets within our subnet group. This is done in combination with a well-made ingress rule and a long username and password (or IAM authentication). Together, these measures keep your database secure and save you from many problems in the future.

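An added example (not Codica's code) of the database setup described above: a customer-managed KMS key, a subnet group built from private subnets, a security group that admits only the application tier, and an encrypted RDS instance with IAM authentication enabled and a generated master password. The VPC, subnet and security group variables and all resource names are assumptions.

```hcl
# Added example (not Codica's code). Assumes private subnet ids, the VPC id and
# the application tier's security group id are passed in as variables. Uses the
# hashicorp/random provider for the master password.
variable "vpc_id"             { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "app_sg_id"          { type = string }

# Customer-managed KMS key for the database; yearly rotation is enabled and a
# 30-day deletion window guards against accidental key loss.
resource "aws_kms_key" "db" {
  description             = "Encryption key for the application database"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_kms_alias" "db" {
  name          = "alias/app-db"
  target_key_id = aws_kms_key.db.key_id
}

# Subnet group made of private subnets only (no route to an internet gateway).
resource "aws_db_subnet_group" "db" {
  name        = "app-db-private"
  description = "Private subnets for the application database"
  subnet_ids  = var.private_subnet_ids
}

# Database security group: the only ingress is port 5432 from the application
# tier's security group, not from a CIDR range.
resource "aws_security_group" "db" {
  name        = "app-db"
  description = "PostgreSQL, reachable only from the application security group"
  vpc_id      = var.vpc_id
}

resource "aws_security_group_rule" "db_from_app" {
  type                     = "ingress"
  description              = "PostgreSQL from the application tier"
  security_group_id        = aws_security_group.db.id
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  source_security_group_id = var.app_sg_id
}

# 32-character random master password. It never appears in the code; it does
# end up in Terraform state, so the state backend must itself be protected.
resource "random_password" "db_master" {
  length  = 32
  special = false
}

resource "aws_db_instance" "app" {
  identifier        = "app-db"
  engine            = "postgres"
  instance_class    = "db.t3.medium"
  allocated_storage = 50

  db_subnet_group_name   = aws_db_subnet_group.db.name
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false

  # Encryption at rest with the customer-managed key above.
  storage_encrypted = true
  kms_key_id        = aws_kms_key.db.arn

  # Non-default master username plus IAM authentication for applications, so
  # services connect with short-lived tokens instead of the master password.
  username                            = "appmaster"
  password                            = random_password.db_master.result
  iam_database_authentication_enabled = true

  backup_retention_period   = 7
  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "app-db-final"
}
```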
Identity and access

Access control is vital for protecting the environment against unauthorized and harmful actions. So, we use AWS Identity and Access Management (IAM).

This instrument lets us create users and assign them specific policies, so we control which AWS resources and services each of them can access. In our practice, we also always enable multi-factor authentication (MFA) for console users.

When we need to give developers or applications access to AWS, we apply strict policies. For application credentials, we use per-service policies and create separate users and roles for each service.
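
An added example (not Codica's code) of the two practices above: a group policy that denies all actions to console users who have not authenticated with MFA (apart from the calls needed to enrol a device), and a per-service role whose policy is scoped to one application's bucket. The bucket ARN variable and all names are assumptions.

```hcl
# Added example (not Codica's code). Variable, group, role and bucket names
# are hypothetical.
variable "app_bucket_arn" { type = string } # e.g. arn:aws:s3:::example-app-data

# IAM calls a user must be allowed to make before they have an MFA device,
# plus sts:GetSessionToken so the CLI can obtain an MFA-backed session.
locals {
  mfa_setup_actions = [
    "iam:ListMFADevices",
    "iam:ListVirtualMFADevices",
    "iam:CreateVirtualMFADevice",
    "iam:EnableMFADevice",
    "iam:ResyncMFADevice",
    "sts:GetSessionToken",
  ]
}

# (1) MFA enforcement for human users: everything except MFA setup is denied
# while aws:MultiFactorAuthPresent is false or absent from the request.
data "aws_iam_policy_document" "require_mfa" {
  statement {
    sid       = "AllowMfaSetupWithoutMfa"
    effect    = "Allow"
    actions   = local.mfa_setup_actions
    resources = ["*"]
  }

  statement {
    sid         = "DenyEverythingElseWithoutMfa"
    effect      = "Deny"
    not_actions = local.mfa_setup_actions
    resources   = ["*"]

    condition {
      test     = "BoolIfExists"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["false"]
    }
  }
}

resource "aws_iam_group" "console_users" {
  name = "console-users"
}

resource "aws_iam_group_policy" "require_mfa" {
  name   = "require-mfa"
  group  = aws_iam_group.console_users.name
  policy = data.aws_iam_policy_document.require_mfa.json
}

# (2) Per-service identity: a role assumed by the ECS tasks of one application,
# instead of long-lived access keys belonging to an IAM user.
data "aws_iam_policy_document" "app_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "app-service"
  assume_role_policy = data.aws_iam_policy_document.app_assume_role.json
}

# The role may read, write and list its own bucket; nothing else.
data "aws_iam_policy_document" "app_s3" {
  statement {
    sid       = "ObjectsInOwnBucket"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${var.app_bucket_arn}/*"]
  }
  statement {
    sid       = "ListOwnBucket"
    actions   = ["s3:ListBucket"]
    resources = [var.app_bucket_arn]
  }
}

resource "aws_iam_role_policy" "app_s3" {
  name   = "app-s3-own-bucket"
  role   = aws_iam_role.app.id
  policy = data.aws_iam_policy_document.app_s3.json
}
```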

Monitoring and logging

In simple words, logging means recording information about the processes in an application or environment. To do this, we write the records to CloudWatch log streams, which requires setting up the tooling that ships them there.

If monitoring is tuned right, we are notified about downtime within seconds of it occurring. Thanks to monitoring, we see when the application stops working for some reason and can understand why performance has degraded.

Based on our DevOps security practice, we have chosen the Prometheus stack as the best set of tools for our needs. It includes Alertmanager for notifications, Grafana for visualization, and a range of exporters.

Also, we use PagerDuty to manage alerts. It routes notifications to several endpoints, including Slack and email.

Container security

Container security means protecting the operating system inside the containers, the host OS, and the applications that run in the containers.

In our practice, we use multi-stage Dockerfiles, run containers as a custom (non-root) user, and never put sensitive data into Dockerfiles. Another recommendation from our experience is to keep images minimal: pack only the data the application needs.

Also, we build images that do not install packages or pull updates at container start; everything is baked in at build time. For building, we use Docker's BuildKit and Kaniko image-building engines.

Conclusion

Security is one of the vital aspects of a solution. At Codica, we ensure it with proven tools and by applying best practices. When a client asks us to scale a solution, we also revisit the security aspects of its architecture.

If you need a reliable software solution, contact us. Our team will help you build, secure, and optimize your product.