Open Thoughts
Opinions are My Own.
Designing Resilient and Robust Systems | Rust | DevSecOps |
Cyber Security | Technologist | Hobby Blogger | Listener
Latest Featured Blogs
Uncontrolled Data Used in Path Expression: A Cyber Security Threat
Path expressions are used in a variety of software applications to construct file paths. However, if these expressions are not properly validated, they can be used by attackers to gain unauthorized access to sensitive data or systems.
Uncontrolled Data Used in Path Expression: A Cyber Security Threat
In today's interconnected world, web applications rely on various external services to provide dynamic content and functionality. However, this dependence on external resources can also create security vulnerabilities, one of which is Server-Side Request Forgery (SSRF). SSRF is a type of attack where an attacker manipulates a web application to send unauthorized requests to internal or external resources. In this blog, we will delve into the concept of SSRF, its potential impact on your Java applications, and discuss strategies to mitigate this critical security risk.
Securing Meshery Installation: The best practices
We are delighted that you are loving Meshery, so it is our sole responsibility to make sure that you are in safe hands. The next few lines describe how you can harden security for accessing Meshery so that you eventually keep all the infrastructure sharing the same network safe.
Uncontrolled Data Used in Path Expression: A Cyber Security Threat
It is essential in the field of software development to provide people control over their data and experiences. Users' experiences are improved when they can build unique queries using user-controlled sources, which also gives them a sense of control and flexibility. This strategy has a lot of advantages, but it also has its share of drawbacks and potential problems.
Shell script to Migrate Azure Container Registry
When someone asks to migrate an ACR from one Azure subscription to another Azure subscription, it feels like a tedious task, because you must migrate the image repositories and all the image tags that are in those repositories.
Physics in Product Metaphor: Navigating Momentum Through Pivot
Let's understand what a pivot is in a product and business by correlating it to a physics metaphor. We look into various use cases with regard to the key influences that cause the pivot. What exactly a product team can adapt
Cross-Site Scripting (XSS) Vulnerability and Mitigation in Web Applications
In the realm of web security, Cross-Site Scripting (XSS) stands as one of the most prevalent and hazardous vulnerabilities. With its ability to manipulate the interaction between a web application and its users, XSS can lead to unauthorized data exposure, session hijacking, and even malware distribution. This article delves into the concept of XSS, highlighting its potential impact and providing insight into securing applications against this threat.
Shell script to Remove history from a git Branch
There are various instances where we decide to remove the history from a git repository. Let's see a script in action.
Gen AI tools made my college days alive
This blog is a good read if you are still poking into your mobile to read some interesting and relatable tech stories. Here I share my experience, which resembles the way Generative AI is behaving these days.
These are the upcoming plans for ls-lrt. Apart from the notification from the main site, if you are curious to know my future plans, you may keep a tab on here. I try my best to achieve those, but they may be delayed due to my schedule.
The System Design for Various Usecase Fully Automated
We will explore two key pipeline designs: one focusing on DevSecOps automation for containerized environments and the other on Infrastructure as Code (IaC) pipelines for managing Kubernetes clusters. Both pipelines help automate various stages of security checks, image verification, and deployment, making operations more efficient and secure.
Configuring Meshery behind ISTIO and ingress gateway
Accessing workloads behind an ingress gateway has always been an industry-standard practice in a Kubernetes setup. It provides a single entry point for all your services deployed in a production-grade Kubernetes cluster. This setup also allows you to leverage the service-mesh functionality of implementing policies and to have better authz and authn for the deployed services. Meshery is no different: you can configure it to be accessed through an ingress gateway. Let's see how we can configure it.
Battle of Programming Language: Statically Typed Vs Dynamically Typed?
In this blog we will understand what statically typed and dynamically typed programming languages are by comparing them to a real-life example. We will discuss which language is suited to which use case.
Which service to Use Azure Kubernetes Services or Azure App service (A curated topic)
Getting started with Azure App Service is quite easy, and it is one of the best places to start. Configuration through the Azure dashboard with a few clicks is the most liked feature of this Azure service. But when we talk about a production-grade application and the infrastructure for it, App Service falls short in various respects. This article highlights, with facts, all the pros and cons of using App Service and Azure Kubernetes for application hosting.
Imposing mandatory http(s) security headers in NGINX ingress in Kubernetes
Making an application up and running does not qualify it as a full-fledged product. It is particularly important to have security measures in the product. Now, in the ever-increasing digital revolution, security flaws are a real risk for an organisation as well as its users. Though we cannot eliminate all the risks, we can always try to address most of them and the important CVEs.
SBOM: Know the Software's source of truth
Over the years, our focus has been on enhancing our software's functionality and striving for vendor neutrality. We've integrated various freely available modules from diverse sources to expand our applications. However, we inadvertently overlooked verifying the authenticity of these sources.
Creating an AKS Private Cluster with Istio and Application Gateway
Security has been a key consideration in modern application architecture. When we talk about cloud-native application architecture, people tend to think about security a lot. That is why all the cloud providers have a bunch of features to make your application more secure and robust. For example, Azure provides various gateways like Network Security Groups, Application Gateway, and Azure Front Door. These Azure services provide a secure connection either by introducing a firewall or by validating SSL certificates.
Part-2: Recursive Search with Rust
In this blog, let's talk about recursive search in Rust programming. We will understand it from the algorithm and try to build a small command-line utility to practice it.
Part:0 - Few facts about Rust programming language
This is the very first write-up of our Rust journey. In this part, we will learn a few interesting facts about the Rust programming language. This will give us an overview of the how and what of Rust at a high level.
Parameters to Consider while choosing an Open-Source tool.
When deciding on an open-source tool for a specific purpose, there are several key parameters you should consider to ensure the tool meets your needs and is a good fit for your project. Here are some important parameters to keep in mind.
Building a Dynamic Data Pipeline from Scratch with Snowflake and Python
Data pipelines are crucial to data modeling and training. In this blog we will design a pipeline from scratch using Python, Snowflake and NumPy.
Part 1: Variable and DataTypes in Rust
Variables are the basic building blocks of a programming language. A variable holds data in the computer's memory during runtime. The data that a variable holds can be of different types. Like other languages, Rust has 2 kinds of high-level data types: Scalar and Compound. A Scalar contains a single value, whereas a Compound holds multi-value data in memory during runtime.
Why I was encouraged to learn Rust (Comparing Rust and Python
It has been 8 years in my job career as an infrastructure/DevSecOps engineer, and I am much satisfied. But in a corner of my heart, I had the urge to learn programming so that I could relate my daily job to the developer program easily.