Archive

So, recently I’ve faced a scenario where I got a chance to dig more into different Kubernetes Service types and experiment with those. I would like to share about one of the experiments where I tested several Kubernetes Service types in order to implement proxying of the requests to external services from Kubernetes cluster. Why would proxying to external services from Kubernetes cluster be relevant? There may be multiple reasons for why you would look into setting up this kind of proxying to external services from Kubernetes cluster. ...

What is static code analysis and why do I need it? Developers are doing an important job - we create programs and systems that make life on this planet easier, better and safer. Ideally. But, how do we actually ensure that the code, that these systems and programs are built upon, is actually secure? Though we're developers we're also humans, and humans make mistakes. Let's say we're developing an online store where users can buy products, pay for them and get them delivered to their doorstep by providing their personal and credit card information. While developing this application we've unintentionally introduced a SQL injection vulnerability which was discovered and exploited by a malicious actor resulting in him/her getting access to application's database and stealing all information about our customers and their credit cards. Well, that sounds pretty scary, don't you think? ...

If you're a .NET developer, I bet that at least once you've experienced errors like "System.IO.FileLoadException: Could not load file or assembly '[ASSEMBLYNAME], Version=x.x.x.x, Culture=neutral, PublicKeyToken=xxxxxx' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)" If you did, welcome to the club! I've been dealing with issues like this for several years now and there are some tools out there that could make this process less painful. Trust me, sometimes it may get pretty painful… ...

There are probably no developers out there (or at least very few) who have never created a console application - use cases where such apps are a first choice are hundreds, if not thousands. In my team we have several administrative tools that are being distributed as console apps in addition to the main application. Multiple stakeholders are using these apps in order to easily perform administrative tasks, make changes to application's metadata, interact with the database, integrate customizations into standard application functionality, etc. ...

Why should you care about security of third-party dependencies No matter how small the application you’re developing is, at some point you’ll end up using code that has been developed by someone else, i.e. you’ll be adding third-party dependencies to your source code. Deciding on when you should create a specific functionality yourself or when you should utilize a third-party library depends on the security and privacy requirements for your application, time restrictions, maintenance cost, available resources, size of implementation and many other factors. I will not go into detail about when you should choose what, but I would like to underline that it’s important to evaluate every case individually and perform third-party risk assessment where possible. ...