Monthly Notes 20

Midsummer started the holiday season in Finland and things are slowing down. Time to take a break from routines, enjoy the summer and stroll in the forest. And on rainy days, read books and check out what is happening in technology. Here are the monthly notes for June; they cover microservices, designing user experience and React.

Issue 20, 26.6.2017

Microservices

The Dark Side of Microservices
There’s much debate for and against using Docker and microservices and although I don’t fully agree with the writer, the post gives something to think about.

The Hardest Part About Microservices: Your Data
Microservices aren’t as easy as you think, and this blog series looks like a good explanation of why. First, understand your data.

Microservices implementation — Netflix stack
There are a lot of tools and technologies for implementing microservices. This article focuses on doing it with the Netflix stack and Spring Boot. (from The Microservices Weekly)

7 reasons to switch to microservices — and 5 reasons you might not succeed
Using microservices can improve resilience and expedite your time to market, but breaking apps into fine-grained services brings complications. The article doesn’t offer many surprises but gives something to think about. (from The Microservices Weekly)

User Experience needs thought

Building systems that don’t match your worldview
Developing systems with accessibility in mind makes them possible and pleasant to use for all groups of users. WCAG is one part of the solution.

Cultural Blind Spots in UX
Designing for international markets is about understanding the nuances, starting with how cultures look at web pages in different ways.

How Human Memory Works: Tips for UX Designers
If design is all about understanding humans, then understanding how our memory works is going to play a vital part. (from iOS dev weekly #306)

React

React Express: Learn React with Interactive Examples
An opinionated, all-in-one guide walking through create-react-app, webpack, Babel, ES2015+, JSX, Redux, CSS-in-JS, and more. (from JavaScript weekly 340)

Techniques for decomposing React components
React components have a lot of power and flexibility but it’s incredibly easy for components to grow over time, become bloated and do too much. Adhering to the single responsibility principle not only makes your components easier to maintain, but also allows for greater reuse. However, identifying how to separate the responsibilities of a large React component is not always easy. Here are three techniques to get you started, from the simplest to most advanced. (from JavaScript weekly 340)

Something different

Notes from OWASP Helsinki chapter meeting #31

What is DevSec, how do you use Docker securely, and why do developers leak credentials? All those questions were answered at OWASP Helsinki chapter meeting #31, which was held on 13.6.2017 at Solita premises. Here are my short notes from the event. I’ll add links to presentations when they’re available.

DevSec – Developers are the key to security

DevSec is an emerging trend to move developers closer to security experts, akin to DevOps. Antti Virtanen from Solita talked about DevSec and how they do it (slides, pdf). As the talk’s title tells us, developers are the key, but buying a cyber-security product (spending money) is often easier than spending people’s time. If we look at the return on investment, though, passive defense is more effective.

Slide photos from the talk: Value for life?; Challenges in DevSec; Issues with DevSec; Recipe works!

Docker Security

Docker is currently seeing a very high adoption rate, and people are deploying on Docker without considering the security landscape. Mika Vatanen from Digia told us about Docker security (slides, pdf): possible attack vectors, how Docker handles security and which recommendations to follow when using it.

Slide photos from the talk: Possible attack vectors; How Docker handles security; Docker image: tech recommendations; Docker image: policy recommendations; Docker runtime; Host and engine recommendations; AppArmor and seccomp; Seccomp.
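Several of the runtime recommendations above (drop capabilities, keep the default seccomp and AppArmor profiles, do not run as root, do not mount the daemon socket) can be checked mechanically against what is actually running. The script below is an added example, not code from the talk or from this post: it reads the JSON array that `docker inspect` prints (field names follow the Docker Engine API) and lists the settings that widen a container's attack surface. The two container records in SAMPLE_JSON are constructed for illustration.

```python
"""Audit running-container settings against common Docker hardening advice.

Added example, not code from the talk or from this post: it reads the list
that `docker inspect` prints (field names follow the Docker Engine API) and
reports settings that widen the attack surface. SAMPLE_JSON is constructed.
"""
import json
from typing import Dict, List

DOCKER_SOCKET = "/var/run/docker.sock"
# Capabilities that give near-host control if granted to a container.
DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH"}

EXPLANATIONS = {
    "privileged": "all capabilities and host devices; use specific --cap-add instead",
    "caps-not-dropped": "start from --cap-drop=ALL and add back only what is needed",
    "dangerous-cap": "capability grants near-host control",
    "seccomp-unconfined": "the default seccomp profile blocks risky syscalls; keep it",
    "apparmor-unconfined": "AppArmor profile disabled",
    "no-new-privileges-missing": "set --security-opt=no-new-privileges to stop setuid escalation",
    "runs-as-root": "set a non-root USER in the image or --user at run time",
    "writable-rootfs": "consider --read-only with a tmpfs for scratch paths",
    "host-network": "shares the host network namespace",
    "host-pid": "shares the host PID namespace",
    "docker-socket-mounted": "access to the daemon socket is root on the host",
}


def _cap_name(cap: str) -> str:
    """Normalise 'cap_sys_admin' / 'SYS_ADMIN' to 'SYS_ADMIN'."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit_container(record: dict) -> List[str]:
    """Return finding codes for one `docker inspect` record."""
    host = record.get("HostConfig") or {}
    conf = record.get("Config") or {}
    findings: List[str] = []
    if host.get("Privileged"):
        findings.append("privileged")
    if "ALL" not in {c.upper() for c in host.get("CapDrop") or []}:
        findings.append("caps-not-dropped")
    for cap in host.get("CapAdd") or []:
        if _cap_name(cap) in DANGEROUS_CAPS:
            findings.append("dangerous-cap:" + _cap_name(cap))
    secopts = host.get("SecurityOpt") or []
    if "seccomp=unconfined" in secopts:
        findings.append("seccomp-unconfined")
    if "apparmor=unconfined" in secopts:
        findings.append("apparmor-unconfined")
    if not any(opt.startswith("no-new-privileges") for opt in secopts):
        findings.append("no-new-privileges-missing")
    # Config.User is "" (root), "0", "root", or "uid[:gid]" / "name[:group]".
    if str(conf.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs-as-root")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    if host.get("NetworkMode") == "host":
        findings.append("host-network")
    if host.get("PidMode") == "host":
        findings.append("host-pid")
    if any(bind.split(":")[0] == DOCKER_SOCKET for bind in host.get("Binds") or []):
        findings.append("docker-socket-mounted")
    return findings


def audit_inspect_json(text: str) -> Dict[str, List[str]]:
    """Map container name -> findings for the JSON array `docker inspect` prints."""
    return {rec.get("Name", "?"): audit_container(rec) for rec in json.loads(text)}


# Constructed records: one container started with the defaults plus a few
# convenience flags, one started following the hardening recommendations.
SAMPLE_JSON = """[
  {"Name": "/legacy-app",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "CapDrop": null, "CapAdd": ["SYS_ADMIN"],
                  "SecurityOpt": ["seccomp=unconfined"], "ReadonlyRootfs": false,
                  "NetworkMode": "host", "PidMode": "",
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
  {"Name": "/hardened-app",
   "Config": {"User": "10001:10001"},
   "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
                  "SecurityOpt": ["no-new-privileges:true"], "ReadonlyRootfs": true,
                  "NetworkMode": "bridge", "PidMode": "",
                  "Binds": ["/srv/app/data:/data:ro"]}}
]"""

if __name__ == "__main__":
    for name, codes in audit_inspect_json(SAMPLE_JSON).items():
        print(name, "OK" if not codes else "")
        for code in codes:
            print("  -", code, ":", EXPLANATIONS[code.split(":")[0]])
```

On a real host the input would be the output of `docker inspect $(docker ps -q)` passed to `audit_inspect_json`. The checks are deliberately coarse: a finding such as `caps-not-dropped` is a prompt to justify the setting, not proof of a vulnerability, and an image that genuinely needs a capability should add back only that one after dropping all.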

Leaking credentials – a security malpractice more common than expected

Bogdan Mihaila from Synopsys talked about Protecode and research on leaked credentials (slides, pdf).

Slide photos from the talk: Why credentials are leaked; Keys that got public; Mitigation; Conclusion: raise awareness.
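One concrete mitigation for the leaks the talk describes is to scan text for credential-like strings before it reaches a repository. The scanner below is an added example, not code from the talk or from Protecode: it combines format rules (AWS access key IDs, private key headers, hard-coded password/secret assignments) with a Shannon entropy check that catches random-looking tokens while leaving hex digests alone. SAMPLE_TEXT is constructed and every key-looking value in it is fake.

```python
"""Flag credential-like strings in text before it is committed.

Added example, not from the talk or from Protecode: format rules plus a
Shannon-entropy check for random-looking tokens. SAMPLE_TEXT is constructed;
every key-looking value in it is fake.
"""
import math
import re
from collections import Counter
from typing import List, Tuple

Finding = Tuple[int, str, str]  # (line number, rule name, redacted value)

RULES = [
    # AWS access key IDs: "AKIA" followed by 16 upper-case alphanumerics.
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # PEM header of any private key type ("RSA", "EC", "OPENSSH", or none).
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")),
    # name = value / name: "value" with a value of at least 8 non-space characters.
    ("hardcoded-secret",
     re.compile(r"(?i)(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?([^\s'\"]{8,})")),
]
TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")  # candidates for the entropy check
ENTROPY_THRESHOLD = 4.0  # bits per char; a hex digest can never exceed log2(16) = 4.0
PLACEHOLDER_WORDS = {"changeme", "password", "example", "xxxxxxxx"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s, estimated from its own symbol frequencies."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(value: str) -> bool:
    """Values that are template references or obvious dummies, not secrets."""
    return value.lower() in PLACEHOLDER_WORDS or value.startswith(("${", "{{", "<"))


def redact(value: str) -> str:
    """Never echo the full secret into a log or CI output."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            value = m.group(m.lastindex) if m.lastindex else m.group(0)
            if name == "hardcoded-secret" and is_placeholder(value):
                continue
            findings.append((lineno, name, redact(value)))
            break
        else:
            # No format rule matched: fall back to entropy on long token-like runs.
            for tok in TOKEN.findall(line):
                if shannon_entropy(tok) > ENTROPY_THRESHOLD:
                    findings.append((lineno, "high-entropy-token", redact(tok)))
    return findings


# Constructed settings file; none of these values belong to a real system.
SAMPLE_TEXT = """\
# constructed settings file, not from any real project
db_host = db.internal.example
db_password = "changeme"
db_password = "Tr0ub4dor&3-prod"
aws_access_key_id = AKIAEXAMPLE000000001
session_token = ${SESSION_TOKEN}
signing_key = q7Zk3mP9xW2tLbN5vR8cJ0yH4fG6sD1a
release_commit = 7f3a9c1e2b4d6f8a0c1e3b5d7f9a2c4e6b8d0f1a
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, rule, shown in scan_text(SAMPLE_TEXT):
        print(f"line {lineno}: {rule} ({shown})")
```

Run over `git diff --cached` in a pre-commit hook, the scan stops the commit before the key leaves the developer's machine; the lines flagged are the real password, the access key ID, the random signing key and the PEM header, while the placeholders and the 40-character commit hash pass. Detection is only half of the mitigation the talk lists: secrets belong in environment variables or a secret store rather than in code, and any key that has reached a public repository must be treated as compromised and rotated, since removing it from history does not unpublish it.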

Upcoming: DevSecOps “mini-hackathon”

The last topic was an introduction to the upcoming “mini-hackathon” by Pekka Sillanpää from OWASP Helsinki. They are planning a hands-on event in August for getting familiar with and investigating some nice open source tools, including OWASP Dependency-Check, ZAP Proxy, OWASP DefectDojo, the DevSec hardening framework and Clair. See the OWASP Helsinki page for more info.