GitGuardian API Security Best Practices

The team behind GitGuardian, a tool that helps developers to keep credentials and other secrets outside of the source code, shares their documentation for the API security best practices.

The cool bit about their documentation is that it covers both how to avoid the issues and how to solve them if they happen.

Using the NetworkManager’s DNSMasq plugin

Fedora Magazine runs a handy article for anyone using work/corporate VPNs from a home computer – “Using the NetworkManager’s DNSMasq plugin”. This is not the only use for the DNSMasq plugin, either. It comes in useful when you work with local cluster setups for development or testing. Furthermore, in pretty much any setup where you need to route DNS queries to different servers, it can either be used out of the box or provide good ideas as to how to solve the problem.

Intro to basic web application security

“Intro to basic web application security” is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes:

  • SQL injection (of course! no such guide would be complete without it)
  • Cross-site scripting (XSS)
  • Cross-site Request Forgery (CSRF/XSRF)
  • Local file inclusion (LFI)
  • Insufficient password hashing
  • Man in the middle (MITM)
  • Command injection
  • XML external entity (XXE)
  • Sensitive data exposure (including error messages and exceptions)
  • Login rate limits
  • and a variety of other, small, but potentially dangerous issues.

A Deep Dive into Iptables and Netfilter Architecture

It’s been a while since I had to dive into the iptables and netfilter. These days I mostly have to do some basic configuration here and there, with occasional adjustments or troubleshooting (less and less so, thanks to Amazon AWS). But if drilled on the details, I quickly lose my confidence. In an effort to refresh my memory, I looked around for a blog post or an article that is short and simple, yet deep enough for me to brush some rust off. I found “A Deep Dive into Iptables and Netfilter Architecture” very helpful.

Turns out, the bit I needed the most was this one:

Chain Traversal Order

Assuming that the server knows how to route a packet and that the firewall rules permit its transmission, the following flows represent the paths that will be traversed in different situations:

* Incoming packets destined for the local system: PREROUTING -> INPUT
* Incoming packets destined to another host: PREROUTING -> FORWARD -> POSTROUTING
* Locally generated packets: OUTPUT -> POSTROUTING

Technical documentation is so much easier these days. I remember the old days of manual pages and HOWTO guides, and I think we’ve made a lot of progress.

Docker and Kubernetes in high security environments

“Docker and Kubernetes in high security environments” is an interesting case study from the Swedish Police Authority on how to set up and maintain a high security configuration of Docker and Kubernetes.

Not something that you’d think of on a daily basis, but a very handy guide for weekend reading, or for a priority target scenario.