AWS |
AWS Architecture Blog |
Seamlessly migrate on-premises legacy workloads using a strangler pattern |
https://aws.amazon.com/blogs/architecture/seamlessly-migrate-on-premises-legacy-workloads-using-a-strangler-pattern/
|
Seamlessly migrate on premises legacy workloads using a strangler patternReplacing a complex workload can be a huge job Sometimes you need to gradually migrate complex workloads but still keep parts of the on premises system to handle features that haven t been migrated yet Gradually replacing specific functions with new applications and services is known as a “strangler pattern When you use a strangler pattern monolithic … |
2022-04-14 15:37:51 |
海外TECH |
MakeUseOf |
MAGIX Easter Sale: Save 20% Through Us for Audio and Video Editing Software |
https://www.makeuseof.com/magix-easter-sale/
|
easter |
2022-04-14 15:45:15 |
海外TECH |
MakeUseOf |
The Top 10 Podcasts for Positivity and Inspiration |
https://www.makeuseof.com/top-podcasts-positivity-inspiration/
|
inspirational |
2022-04-14 15:45:14 |
海外TECH |
MakeUseOf |
Why Thousands of Etsy Sellers Have Gone on Strike |
https://www.makeuseof.com/why-etsy-sellers-strike/
|
sellers |
2022-04-14 15:29:32 |
海外TECH |
MakeUseOf |
What to Know About WhatsApp's Upcoming Communities Feature |
https://www.makeuseof.com/what-are-whatsapp-communities-groups/
|
whatsapp |
2022-04-14 15:22:33 |
海外TECH |
MakeUseOf |
How to Enable or Disable Mouse Pointer Shadow in Windows 10 |
https://www.makeuseof.com/windows-10-enable-disable-mouse-pointer-shadow/
|
mouse |
2022-04-14 15:15:14 |
海外TECH |
DEV Community |
Get Started Part 4: Connect to the network display tool |
https://dev.to/luos/get-started-part-4-connect-to-the-network-display-tool-4jn4
|
Get Started Part Connect to the network display toolGet Started Part Connect to the network display toolThe last part will guide you in using the Luos Network Display tool to view your entire network online A simple and intuitive way to discover our new alpha version of Luos App |
2022-04-14 15:53:27 |
海外TECH |
DEV Community |
What is your best way to manage emails? |
https://dev.to/shahednasser/what-is-your-best-way-to-manage-emails-5bi1
|
What is your best way to manage emails Emails become harder to deal with time A lot of emails get lost among spam or other more important emails How do you manage your emails Do you use a tool or apply any labels For my personal email I use labels a lot but it doesn t help much For work I have set up smart mailboxes to try and keep track of important stuff |
2022-04-14 15:52:45 |
海外TECH |
DEV Community |
About Optimizing for Speed: How to do complete AWS Security&Compliance Scans in 5 minutes |
https://dev.to/aws-builders/about-optimizing-for-speed-how-to-do-complete-aws-securitycompliance-scans-in-5-minutes-46ld
|
About Optimizing for Speed How to do complete AWS Security amp Compliance Scans in minutesThe project steampipe uses a fast programing language and an intelligent caching approach outrunning prowler speed tenfold While I tried to workaround prowlers limits I learned a lot about optimizing AWS security best practices assessmentsTo support security first you should check your account against best practices and benchmarks Two of the most used are the AWS Foundational Security Best Practices from AWS and the CIS Center for Internet Security AWS Benchmark I will compare the widely used tool prowler git k stars with a newer one steampipe git k stars which shows an auspicious approach ProwlerProwler introduces itself Prowler is an Open Source security tool to perform AWS security best practices assessments audits incident response continuous monitoring hardening and forensics readiness It contains more than controls covering CIS PCI DSS ISO GDPR HIPAA FFIEC SOC AWS FTR ENS and custome security frameworks ArchitectureThe application runs bash scripting with the AWS CLI as the base Queries are done with a combination of bash pipes and the cli query syntax This makes implementing controls easy at the beginning The bash script waits after each AWS API request SpeedThe problem with that architecture is that a scan can take minutes up to several hours Let s have a look at one check as an example check as exampleIn checks check from the prowler repository you will find this bash script Configuration sectionThe attributes of the check are stored in environment variables CHECK ID check CHECK TITLE check check Ensure IAM policies that allow full administrative privileges are not created CHECK SCORED check SCORED CHECK CIS LEVEL check LEVEL CHECK SEVERITY check Medium CHECK ASFF TYPE check Software and Configuration Checks Industry and Regulatory Standards CIS AWS Foundations Benchmark CHECK ASFF RESOURCE TYPE check AwsIamPolicy CHECK ALTERNATE check check CHECK SERVICENAME check iam CHECK RISK check IAM policies are the means by which privileges are granted to users groups or roles It is recommended and considered a standard security advice to grant least privilegeーthat is granting only the permissions required to perform a task Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions CHECK REMEDIATION check It is more secure to start with a minimum set of permissions and grant additional permissions as necessary rather than starting with permissions that are too lenient and then trying to tighten them later List policies an analyze if permissions are the least possible to conduct business activities CHECK DOC check CHECK CAF EPIC check IAM Code section check Ensure IAM policies that allow full administrative privileges are not created Scored LIST CUSTOM POLICIES AWSCLI iam list policies output text PROFILE OPT region REGION scope Local query Policies Arn Defau ltVersionId grep v e None awk F t print n if LIST CUSTOM POLICIES then for policy in LIST CUSTOM POLICIES do POLICY ARN echo policy awk F print POLICY VERSION echo policy awk F print POLICY WITH FULL AWSCLI iam get policy version output text policy arn POLICY ARN version id POLICY VERSION query Policy Version Document Statement Action null Effect Allow amp amp Resource amp amp Action PROFILE OPT region REGION if POLICY WITH FULL then POLICIES ALLOW LIST POLICIES ALLOW LIST POLICY ARN fi done if POLICIES ALLOW LIST then for policy in POLICIES ALLOW LIST do textFail REGION Policy policy allows REGION policy done else textPass REGION No custom policy found that allow full administrative privileges REGION fi else textPass REGION No custom policies found REGION fi The code does the following List policies line AWSCLI iam list policies Loop line AWSCLI iam get policy version AWS cli speedWith python for each call the python interpreter starts taking time on each call Let me show you what I mean time aws iam list policiesaws iam list policies s user s system cpu totalIt takes about seconds Now list policies is a timewise costly operation so I look at a simpler one S list To see which part is python time and which AWS time I compare aws s ls with a faster go application This is the AWS python cli time aws s lsaws s ls s user s system cpu totalNow you could say the terminal output takes some time We eliminate that time aws s ls gt dev nullaws s ls gt dev null s user s system cpu totalSo seconds in total for AWS CLI PythonIn Contrast a small GO program takes less time time slist gt dev null slist gt dev null s user s system cpu totalWhere the main code is like res err client ListBuckets context TODO amp s ListBucketsInput for bucket range res Buckets bucketarray append bucketarray bucket Name return bucketarray nilSo seconds in total for a compiled GO program Some of you may say Rust is the new speed king ok let s try Rust could be faster But in the moment the rust SDK is still in beta so it takes more time than GO but is faster than python time target debug rust s gt dev nulltarget debug rust s gt dev null s user s system cpu totalSo seconds in total for a compiled Rust program created with cargo build This is the rust code use aws config meta region RegionProviderChain use aws sdk s Client Error tokio main async fn main gt Result lt Error gt let region provider RegionProviderChain default provider or else eu central let config aws config from env region region provider load await let client Client new amp config if let Err e show buckets amp client await println e Ok async fn show buckets client amp Client gt Result lt Error gt let resp client list buckets send await let buckets resp buckets unwrap or default for bucket in buckets println bucket name unwrap or default println Ok OptimizationAs you see a compiled GO program is much faster than the python script So I tried to optimize the cli with a GO cache The project is Please just see it as an experiment it worked somehow but did not create the desired results What I found was AWS CLI is doing many more things than just calling the serviceAWS CLI is not always json Looking at line of the check query Policy Version Document Statement This works on the json but important APIS like EC API S API and IAM reponse with XML not json So replacing the query function with an own program is not easy The most promising approach was to prefetch regions in parallel Prowler is doing everything sequentially But with about a day s work I only got better speed out of prowler That made me realize that my thinking was wrong I was optimizing locally not globally If you read the book The Goal it says We are not concerned with local optimums So my approach to only replace AWS cli as a local optimum lead nowhere back to the drawing board After some research I discovered a project which used a global optimizing approach Steampipe Steampipe a different approachSteampipe uses a Postgres Foreign Data Wrapper to present data and services from external systems as database tables The queries are not run on a JSON like in AWS cli The AWS data is presented in tables and the queries work directly on those tables All results are cached and the queries run on the local postgres table not as AWS service calls So when I look at a similar control like check here called Control IAM policies should not allow full administrative privileges the query is written in SQL The configuration foundational security iam sp is separated from the logic in a separate file and looks like this control foundational security iam title IAM policies should not allow full administrative privileges description This control checks whether the default version of IAM policies also known as customer managed policies has administrator access that includes a statement with Effect Allow with Action over Resource The control only checks the customer managed policies that you create It does not check inline and AWS managed policies severity high sql query iam custom policy no star star sql documentation file foundational security docs foundational security iam md tags merge local foundational security iam common tags foundational security item id iam foundational security category secure access management This query is located in query iam iam policy no star star sql in the github repositoryWith prowler it is a query with AWS cli and pipe some Bash logic query PolicyVersion Document Statement Action null Effect Allow amp amp Resource amp amp Action With steampipe the syntax is sql with bad policies as select arn count as num bad statements from aws iam policy jsonb array elements policy std gt Statement as s jsonb array elements text s gt Resource as resource jsonb array elements text s gt Action as action where s gt gt Effect Allow and resource and action or action group by arn The bash text comparism Effect Allow becomes where s gt gt Effect Allow Developing SQL queriesYou can develop the sql statements with the steampipe query command which gives you a local sql query toolThe first step is that with the tables command you get all AWS tables after installing the AWS plugin inspect aws iam policyThe second step is to see which fields you may query The inspect command shows the fields You may start to experiment with the queries gt select policy std from aws iam policy policy std Statement Action logs createloggroup The functions to work with JSON make it possible to interpret the policy documents see jsonb array elements text s gt Action as action in the following statement jsonb array elements policy std gt Statement as s jsonb array elements text s gt Resource as resource jsonb array elements text s gt Action as actionwhere s gt gt Effect Allow and resource and action or action Now we know how a control is built let s look at the speed Speed for the single control Speed with prowlerRunning the single control with prowler takes more than minutes Speed with steampipeWith steampipe it is down to seconds while giving the same results Speed for whole scanWhen doing a complete scan prowler takes about minutes for one region steampipe is running in minutes Maybe you want to try this yourself well CloudShell is your friend Here is a complete small walkthrough to check your account Walktrough getting startedThe overall steps are Download and install SteampipeInstall the AWS pluginClone repo steampipe mod aws complianceGenerate your AWS credential reportConfigure regions optional Run all benchmarksDownload report fileIn detail Login into your AWS account with admin rights Open a cloudshell Execute these commands sudo bin sh c curl fsSL steampipe plugin install steampipesteampipe plugin install awsgit clone cd steampipe mod aws complianceaws iam generate credential report Optional Edit region configIf you just want to scan specific region s you can set this in the configuration vi steampipe config aws spc connection aws plugin aws regions eu central us east You know that you do not copy the line numbers do you Wait for credential reportaws iam generate credential reportYou get this when the report is running State STARTED Description No report exists Starting a new report generation task And this when its done State COMPLETE Execute complete check with html outputsteampipe check all export htmlThis should take only minutes You see the process running Download report Look for all date time html like all htmlIn the Actions menu of cloudshell you can Download the html file You have to write the whole path like this Now you have the full report Conclusion Security ScanThere are many good open source AWS compliance and security scanning tools on github With a full report including installation on cloud shell in about minutes SteamPipe is the new shooting star in my tools portfolio We will see in the long run You should really take the minutes to try it OptimizingWhat I have learned Prefer global before local optimizing Tools and languages have restrictions Look for alternatives instead of spending much time on workarounds Compiled is faster than interpreted Do not trust general statements Write the smallest proof of concept possible to challenge your belief Feedback amp discussionFor discussion please contact me on twitter megaproaktiv Learn more GOWant to know more about using GOLANG on AWS Learn GO on AWS here SourcesGoldratt Eliyahu M Jeff Cox The Goal A Process of Ongoing Improvement North River Press Kindle Version Steampipe checkSteampipe HubProwler |
2022-04-14 15:52:16 |
海外TECH |
DEV Community |
Building labs using component-based architecture with Terraform and Ansible |
https://dev.to/edersonbrilhante/building-labs-using-component-based-architecture-with-terraform-and-ansible-15dm
|
Building labs using component based architecture with Terraform and AnsibleCurrently I am a Site Reliability Engineer SRE in the observability team at Splunk But when I worked this solution I was part of the GDI Get Data In teamNow let s talk about the problem Part of the engineer s job in GDI is building add ons to Splunk Add ons in a nutshell are plugins to connect third party data sources to Splunk platform Every time we need to work on a new add on version of a specific third party we need to set up labs for development purposes and the other with QA specifications The GDI organisation owns many add ons so we use a strategy to make rotations in which team and who in the team will work in a new version every time This is good to spread the knowledge but we had problems keeping reliable and consistent labs across the dev cycle and the teams A big fraction of people s time was manual work to set up the labs manual configuration or writing new bash power shell scripts Along with a lot of time expended in the development process the manual work creates a great deal of headache for the developersThe teams agreed it needed some automation in order to reduce the pain to create labs and avoid duplication or rework We came up with the idea of using infra as code IaC Which was nothing so special that other companies weren t already doing Because the teams are small and they are focused on the development of add ons we need an approach where the teams could have customised labs but not necessary to write IaC scripts Based on the Design Principles of react components we came up with an idea to create components that can be reused and plugged in other components And each component would be a Terraform Module an Ansible Playbook or an Ansible Role For a better elucidation let s use this example Build a lab with different environments Environment A will have windows instances Windows Server as Domain Controller Windows Servers as members server Windows Server with Windows Event Collector Splunk Universal ForwardCollecting only Sysmon events from nodes Windows Server with Windows Event Forwarding Windows Server with Windows Event ForwardingEnvironment B will have windows instances Windows Server as Domain Controller Windows Servers as members server Windows Server with Windows Event Collector WEC A Splunk Universal ForwardCollecting only Application events from nodes Windows Server with Windows Event Forwarding sending logs to WEC A Windows Server with Windows Event Forwarding sending logs to WEC A Windows Server with Windows Event Collector WEC B Splunk Universal ForwardCollecting only Security events from nodes Windows Server with Windows Event Forwarding sending logs to WEC B Windows Server with Windows Event Forwarding sending logs to WEC BEnvironment C will have windows instances Windows Server as Domain Controller with Windows Event Collector Splunk Universal ForwardCollecting only Security and Sysmon events from nodes Windows Servers as Members Server Windows Server with Windows Event Forwarding Windows Server with Windows Event ForwardingNormally Using terraform modules and Ansible Playbooks we could reproduce these environments We would need to create specific playbooks and terraform configs for each environment And here comes the problem Spending time coding permutations in some similar configurations To avoid that our approach with component based architecture we only have to write a single config file describing which modules these labs need to run without touching any Terraform Script or Ansible Playbook ArchitectureThe solution we made is compatible with many kind of labs configurations deployed in AWS Terraform scripts are used to deploy the infrastructure spinning up EC instances and other AWS resources And to provision softwares and system configuration inside of each EC instance terraform calls proper ansible playbooks Playbooks are a group of roles A role represents an implementation of specifics configuration in an independent way Take role windows splunk universal forward as example This role downloads installs and configures a splunk universal forward instance in Windows This role is coded to be used any windows version Repo Structure ├ーansible │├ーall roles ││└ーdistros ││├ーlinux │││└ーroles │││└ー lt new linux role gt ││└ーwindows ││└ーroles ││└ー lt new windows role gt │└ーplaybooks │└ー lt new playbook gt └ーterraform └ーmodules ├ーdistros │└ー lt new distro type gt └ーenvironments └ー lt new environment type gt TerraformTerraform is an open source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services Terraform codifies cloud APIs into declarative configuration files For more info check on official documentation Terraform Structure terraform ├ーmodules │├ーconstants │├ーcore │├ーdistros ││└ー lt distro type gt │└ーenvironments │└ー lt environment type gt └ーwireWhat is an environment A environment is a pre defined kind of relations between nodes Each module environment is found in path terraform modules environments And uses the modules in terraform modules distros to build the proper relations For elucidation take this case as an example Windows Domain Controller X number of Member Servers We have this hierarchy because we need create first the DC and so give some data to member servers such as IP file terraform modules environments linux standalone main tfmodule windows domain controller source distros windows server module windows server member source distros windows server windows domain controller module windows domain controller What is a distro A distro is a pre defined kind of AMI with specific kind of setup and or provisioning Each module distro is found in path terraform modules distros And have a proper ansible playbook to execute the provisioning For elucidation take these cases as examples LinuxWindowsSplunkFree BSDTerraform example locals provisioning command ansible playbook i PUBLIC IP opt automation tools ansible playbooks windows yml extra vars local extra vars resource aws instance windows server resource null resource ansible triggers command replace local provisioning command PUBLIC IP aws instance windows server public ip provisioner local exec command replace local provisioning command PUBLIC IP aws instance windows server public ip AnsibleAnsible is an open source software provisioning configuration management and application deployment tool enabling infrastructure as code It runs on many Unix like systems and can configure both Unix like systems as well as Microsoft Windows For more info check on official documentation Ansible Structure ansible ├ーall roles│ ├ーdistros│ │ └ー lt distro type gt │ │ └ーroles│ │ └ー lt distro role gt └ーplaybooks What is a distro type A distro type is folder that centralize all ansible roles that can be used executed in a specific Take windows as example ansible all roles distros windows This folder centralize all ansible roles that can be used executed in a windows machines What is a distro role A distro role is a group of ansible tasks that implements related configurations that represents a functionality For elucidation take the list of tasks from splunk UF role Downloads Splunk UF Installs the download file Sets default configuration Starts Splunk UF Explaining the config fileHere you can find a complete config example config myenv type windows standalone nodes myvm type windows enabled roles windows funcionality true windows funcionality true os size t medium distro windows type windows version myvm type linux standalone nodes mylinux type linux enabled roles linux funcionality true linux funcionality true os size t medium distro ubuntu type linux version Under the hood this configuration will be translated to create EC instances in AWS and each instance will run playbooks with specific roles Block explanation Each block myenvx represents how the environment will be deployed The type represents which predefined environment will be used Each block myvmx represents a VM that will be created The type represents which predefined distro will be used The block os has properties that will create a proper EC instance The AWS type instanceType of Distro windows linux etc OS Distro ubuntu debian suse windows etc Version of the OS DistroWith this info the terraform will know which AWS AMI to use to spin up in the EC instanceThe block enabled roles represents a list of Ansible Roles to execute in each instanceFor more details about the code and implementation check the code demo fully functional |
2022-04-14 15:48:35 |
海外TECH |
DEV Community |
What's a fun group activity that we could do during CodeLand 2022? |
https://dev.to/devteam/whats-a-fun-group-activity-that-we-could-do-during-codeland-2022-1dh9
|
What x s a fun group activity that we could do during CodeLand We re in the midst of prepping for CodeLand which is set to happen June amp in the CodeNewbie Community As part of our preparations we re looking for a fun game or activity that we could do as a group mob In the past we had a fun little game hosted by Twilio called Nom Nom where we split everybody into teams and gave folks control over Roomba vacuums ーthe first team to vacuum up the other teams confetti was declared winner It s wonderfully chaotic and as goofy as it sounds but hopefully easy to understand how fun it is when you watch the video Skip ahead to or click here to be taken directly to the Nom Nom game So anybody got any ideas for an activity that would be fun for a big group of folks to take part in online Note We need to keep things rolling so I m going to put a deadline on this discussion for next Tuesday April th at PM UTC |
2022-04-14 15:47:37 |
海外TECH |
DEV Community |
Beginner's Guide to web app pentesting |
https://dev.to/dumboprogrammer/beginners-guide-to-web-app-pentesting-52o5
|
Beginner x s Guide to web app pentestingA pen test allows us to determine any security weakness of the entire web application and across its components including the source code database and back end This helps the developer in prioritizing the pinpointed web app vulnerabilities and threats and come up with strategies to mitigate them WHY CARE Almost everything that we do is done through the internet From shopping to banking to everyday transactions most of them can be done digitally And there are several web applications that can be used to complete these online activities The popularity of web applications has also introduced another vector of attack that malicious third parties can exploit for their personal gains Since web applications usually store or send out sensitive data it is crucial to keep these apps secure at all time particularly those that are publicly exposed to the World Wide Web In a nutshell web penetration testing is a preventive control measure that lets you analyze the overall status of the existing security layer of a system These are the common goals of doing pen testing for web apps Identify unknown vulnerabilities Check the effectiveness of the existing security policies Test publicly exposed components including firewalls routers and DNS Determine the most vulnerable route for an attack Look for loopholes that could lead to the data theft Types of Penetration Testing for Web ApplicationsMethod Internal Pen TestingAs the name implies the internal penetration testing is performed within the organization via LAN including testing web applications that are hosted on the intranet This facilitates the identification of any vulnerabilities that may exist within the corporate firewall One of the greatest misconceptions is that attacks can only occur externally so developers often overlook or do not give much importance to internal Pentesting Some of the internal attacks that can happen include Malicious Employee Attacks by aggrieved employees contractors or other parties who have resigned but still have access to the internal security policies and passwords Social Engineering Attacks Simulation of Phishing Attacks Attacks using User Privileges Method External Pen TestingExternal pen testing focuses on attacks initiated from outside the organization to test web applications hosted on the internet Testers also called ethical hackers do not have information about the internal system and the security layers implemented by the organization They are simply given the IP address of the target system to simulate external attacks No other information is given and it is up to the testers to search public web pages to get more information about the target host infiltrate it and compromise it External pen testing includes testing the organization s firewalls servers and IDS etc HOW TF IS IT DONE Pen testing for web apps focuses on the environment and the setup process instead of the app itself to do this This involves gathering information about the target web app mapping out the network that hosts it and investigating the possible points of injection or tampering attacks It can be done in three stepsStep Active and Passive ReconnaissanceThe first step in web app pen testing is the reconnaissance or information gathering phase This step provides the tester with information that can be used to identify and exploit vulnerabilities in the web app Passive reconnaissance means collecting information that is readily available on the internet without directly engaging with the target system This is mostly done using Google beginning with subdomains links previous versions etc Active reconnaissance on the other hand means directly probing the target system to get an output Here are some examples of methodologies used for active reconnaissance Nmap Fingerprinting You can use the Nmap network scanner to get information about the web app s scripting language OS of the server server software and version open ports and services currently running Shodan Network Scanner This tool can help you get additional information that is publicly available about the web app including geolocation server software used port numbers opened and more DNS Forward And Reverse Lookup This method allows you to associate the recently discovered subdomains with their respective IP addresses You can also use Burp Suite to automate this process DNS Zone Transfer You can do this by using the nslookup command to find out the DNS servers being used Another option would be to use DNS server identification websites then using the dig command to attempt the DNS zone transfer Identify Related External Sites This part of the information gathering phase is important because of the traffic that flows between the external websites and the target website Using the Burp Suite covers this step quite easily Analyze HEAD and OPTION Requests The responses generated from HEAD and OPTIONS HTTP requests show the web server software and its version plus other more valuable data You can use Burp Suite s intercept on feature when visiting the target website to get this information Data From Error Pages Error pages provide more information than you d expect By modifying the URL of your target website and forcing a Not Found error you ll be able to know the server and the version the website is running on Checking the Source Code Examining the source code helps you find useful information you can use to pinpoint some vulnerabilities It helps you determine the environment the app is running on and other relevant information Documenting All Data After getting all this information it is important to organize and document your findings which you can use later on as a baseline for further study or for finding vulnerabilities to exploit Step Attacks or Execution PhaseThe next step is the actual exploitation step In this phase you implement the attacks based on the information you have gathered during the reconnaissance stage There are several tools you can use to attack the designated applicatio Let s look at the top penetration tools used for web applications in the industry today Nmap Nmap or Network Mapper is a scanning and reconnaissance tool It is used for both network discovery and security auditing Aside from providing basic information on the target website it also includes a scripting module that can be used for detecting vulnerability and backdoor and execution of exploitations WireShark Wireshark is one of the most popular network protocol analyzers right now facilitating deep inspection of protocols as well as live traffic capture and offline analysis of a captured file The data can also be exported analyzing Metasploit This the s e tool This pen testing tool is actually a framework and not a specific application You can use this to create custom tools for particular tasks Nessus This vulnerability scanner helps testers identify vulnerabilities configuration problems and even the presence of malware on web applications This tool however is not designed for executing exploitations but offers great help when doing reconnaissance Burp Suite This tool is an all in one platform for testing the security of web applications It has several tools that can be used for every phase of the testing process including Intercepting proxy Application aware spider Advanced web application scanner Intruder tool Repeater tool and Sequencer tool Step Reporting And Recommendations After collecting data and exploitation processes the next step is writing the web application pen testing report Create a concise structure for your report and make sure that all findings are supported by data Stick to what methods worked and describe the process in detail Aside from writing down the successful exploits you need to categorize them according to their degree of criticality to help the developers focus in dealing with the more serious exploits first A book helped me learn ethical hacking you can read it for free here |
2022-04-14 15:29:34 |
海外TECH |
DEV Community |
How to Download Python 3 On Windows Without any Incorrect Version |
https://dev.to/shriekdj/how-to-download-python-3-on-windows-without-any-incorrect-version-1kie
|
How to Download Python On Windows Without any Incorrect VersionSo This is Start of the Series Python tutorials by shriekdj So Most of the Time this process is very simple to follow just go to website click download button to get python but there may be some problems occure in this process Direct Method of Downloading Python From there WebsiteAs per my case I was trying to install python on my college computer which had Windows Educational On It and gone to python org s download page which looks like below Here I Just clicked download button and try to install EXE but it was not able to download The reason was that my college computer was Bit the download button is configured for bit Version Now Even if the that exe was bit it should be run on bit but still the errors are there then actual location of the python bit exe was at given address in below image After this the process of installing it same as all other apps just Click agree continue and next whatever available and Be Aware to Select an Checkbox Name Add to Path as checked Because it helps you run python code from anywhere in the system from command line also Otherwise you will have issues for running python programs Like if you want to run file named main py then the command python main py will not work you have to specify your python exe location with the command like given below Command If python is added to PATHpython main py or python main py Command if python is not added to PATHC python bin python exe main pyAnd Obviously you don t want to something like thatBe Aware of the Current Latest Python Versions are Python Python and Python And Does Not Bing Released for deprecated os Windows and Below But You Can Build the Python From There GitHub Repo By Reading there Installation docs Given Below is GitHub Repo of Cpython python cpython The Python programming language This is Python version alpha Copyright Python Software Foundation All rights reserved See the end of this file for further copyright and license information ContentsGeneral InformationContributing to CPythonUsing PythonBuild InstructionsProfile Guided OptimizationLink Time OptimizationWhat s NewDocumentationConverting From Python x to xTestingInstalling multiple versionsIssue Tracker and Mailing ListProposals for enhancementRelease ScheduleCopyright and License InformationGeneral InformationWebsite Source code Issue tracker Documentation Developer s Guide Contributing to CPythonFor more complete instructions on contributing to CPython developmentsee the Developer Guide Using PythonInstallable Python kits and information about using Python are available atpython org Build InstructionsOn Unix Linux BSD macOS and Cygwin configuremakemake testsudo make installThis will install Python as python You can pass many options to the configure script… View on GitHub Downloading Python From Windows App StoreIt is the easiest way to download and install python from there own app store which available for free to download Just be aware to install Python not Python I Will Suggest Installing Other Terminal like Windows Terminal or Git Bash Shell which are easy to use and less error prone for example the built in command line tools are to non user friendly for programmer and I am Saying from my experience Installing Python From Packages Managers Built for Windows Operating SystemNow In This decade some devs out there builted some package managers for windows operating system which is similar to linux or mac os command line package manager Some of them are given belowChocolatey Package Manager The Third Party Package Manager You Can also install things like Visual C Runtime Python NodeJS and Many More Winget Package Manager by Microsoft So this is an Package Manager build by Microsoft themselves I do not have any Experience with using it but you can try and give your opinions in comments and also the link is of github repo not download link Thanks for taking time the time to reading the post until here Give any reactions for giving my content algorithm boost Bye |
2022-04-14 15:17:00 |
海外TECH |
DEV Community |
How to measure Change failure rate? |
https://dev.to/codacy/how-to-measure-change-failure-rate-6dc
|
How to measure Change failure rate Change failure rate is one of the most interesting metrics you should use to evaluate your team s quality and overall efficiency of your Engineering performance There are four key Accelerate metrics that we will cover in detail Lead time for changes Deployment frequency Time to recover andChange failure rate In this article we are focusing on Change failure rate So keep on reading to know what Change failure rate is how we measure it in Pulse and how your team can start using it to achieve elite engineering performance What is Change failure rate In a nutshell Change failure time measures the percentage of deployments causing a failure in production requiring remediation e g hotfix rollback patch “A key metric when making changes to systems is what percentage of changes to production including for example software releases and infrastructure configuration changes fail In the context of Lean this is the same as percent complete and accurate for the product delivery process and is a key quality metric Accelerate The science of lean software and DevOps Building and scaling high performing technology organizationsWhat does Change failure rate measure Change failure rate is a good indicator of the teams capabilities and overall development process efficiency It is one of the most interesting quality metrics for an organization to work on to ensure their software s stability and correct functioning This metric is inspired by the Lean principles and analyzes how your team guarantees the security of code changes and how deployments are being managed How to read Change failure rate On the one hand a Change failure rate that is too high indicates there may be broader issues like manual or inefficient deployment processes and lack of testing before deployment On the other hand a low Change failure rate shows that your team was able to shift left enough verifications to identify infrastructure errors and application bugs before deployment Your team s goal should be to continuously reduce your Change failure rate because it means that your code is being extensively tested to avoid a disruption in your software As a result you are not compromising your software s availability and correct functioning Change failure rate in PulseProducts like Pulse make it easy for your team to know what your Change failure rate looks like Pulse connects seamlessly with your GitHub Jira and PagerDuty to give you Change failure rate and other Engineering metrics out of the box Your team only needs to focus on making informed decisions to improve your results How is Pulse measuring Change failure rate Pulse measures Change failure rate by calculating the percentage of deployments causing a failure in production e g service impairment or unplanned outage It s computed with the following formula number of deployments that caused incidents total number of deploymentsPulse calculates the metrics per repository or service and when displaying them they are aggregated using an average by time interval Change failure rate in PulsePulse takes care of all the details to ensure your metrics are accurate and reliable Pulse can automatically detect your deployments by picking signals from GitHub and then associate incidents with the failed deployments simplifying the integration and enabling you to explore the metrics by repository service and each of your GitHub teams What Change failure rate should a team have The best practice performance level for this metric published every year on the Accelerate State of DevOps report Elite High Medium N A Low The Accelerate State of DevOps report defines the same range of values for both Medium and Low performance levels so we ve opted to skip the Medium level in Pulse See what s your Change failure rate lt wp button gt How to use Change failure rate Over time Change failure rate should be getting smaller while your team is increasing in the performance level until reaching best practice levels Having a small Change failure rate allows your team to have a sound overall deployment process and deliver high quality software quickly Causes of high Change failure rateRelying on manual deployment processes prone to human error Perform infrastructure changes that are not reproducible Tests being carried out manually Poor code quality that difficult maintainability and introduction of new code leading to more complex testing and unexpected application errors How to reduce Change failure rateWork on small and self contained changes working with smaller versions of changes makes it easier to test them and less likely to break Leverage infrastructure and application configuration as code guarantee that mission critical configurations and services infrastructure are visible and reproducible Use test automation incorporating automated tests at every stage of the CI CD pipeline can help you reduce delivery times since it helps catch issues earlier Automate code reviews using automated code review tools like Codacy can help you improve your code quality and save your team valuable time ConclusionChange failure rate is a fundamental metric to analyze and improve the efficiency of your Engineering team It is a valuable metric to understand the capabilities of your team and how they learn from previous problems to improve later workflows Together with Lead time for changes Deployment frequency and Time to recover this metric provides valuable insights for your team to achieve full engineering performance With Pulse you can easily measure and analyze the Change failure rate in your projects and make better decisions We also suggest you re watch our webinar on How to boost your Engineering Speed amp Quality with the right Metrics We talked about how your team can deploy faster and more efficiently without compromising code quality and how you can make the most out of the engineering data already available to you Don t miss out |
2022-04-14 15:02:46 |
海外TECH |
DEV Community |
Introduction to GitLab CI | What is GitLab CI | GitLab Tutorial For Beginners | Part I |
https://dev.to/lambdatest/introduction-to-gitlab-ci-what-is-gitlab-ci-gitlab-tutorial-for-beginners-part-i-3bba
|
Introduction to GitLab CI What is GitLab CI GitLab Tutorial For Beginners Part IGitLab is an open source end to end DevOps platform that leverages the upstream concepts of Agile Methodologies DevOps and Continuous Delivery Start FREE Testing Integrate GitLab with LambdaTest This is Part of the GitLab Tutorial for beginners wherein Moss tech with moss a DevOps engineer introduces you to the GitLab CI the fundamental commands of Git and showcases how to work with GitLab using GitLab flow He further explains how to migrate from Jenkins Pipelines to GitLab and deploy software using GitLab packaging and releasing features This video will help answer the following questions What is GitLab CI Why GitLab is used How does GitLab CI work What is the difference between Git and GitHub and GitLab How do I migrate from Jenkins to GitLab In this video tutorial module Moss helps you learn the basics of Git and understand what is GitLab You will get to know the major components of the GitLab interface basic workflow in GitLab called GitLab flow and multiple examples of performing activities with the GitLab flow Further deep diving into more advanced topics of how to do CI CD in GitLab explore GitLab packaging and releasing and learn how to integrate LambdaTest platform with GitLab CI CD and perform cross browser testing |
2022-04-14 15:02:35 |
海外TECH |
DEV Community |
Paracetamol.js💊| #101: Explica este código JavaScript |
https://dev.to/duxtech/paracetamoljs-101-explica-este-codigo-javascript-cd0
|
Paracetamol js Explica este código JavaScript Explica este código JavaScript Dificultad Avanzado¿Cuál de las siguientes funciones es pura const returnNumber num gt num console log returnNumber Math random const returnDate date gt date console log returnDate Date now const getApi api gt return fetch api then res gt res json then response gt console log response console log getApi const exp x y gt x y console log exp A getApi y returnNumber son funciones purasB Ninguna es una función puraC Todas son funciones purasD Solo exp es una función puraRespuesta en el primer comentario |
2022-04-14 15:01:28 |
Apple |
AppleInsider - Frontpage News |
How to access extended characters like the degree symbol on iPhone and Mac |
https://appleinsider.com/inside/iphone/tips/how-to-access-extended-characters-like-the-degree-symbol-on-iphone-and-mac?utm_medium=rss
|
How to access extended characters like the degree symbol on iPhone and MacYour physical or digital keyboards present a limited number of character options on the surface However there are a few ways to access accented letters special characters and more on iOS and Mac An Apple keyboardThe standard iOS keyboard gives you quick access to upper case and lower case letters the standard numbers punctuation marks and characters There is of course a plethora of other characters out there You can choose from letters with umlauts to an upside down question mark Read more |
2022-04-14 15:54:21 |
海外TECH |
Engadget |
US warns of state-supported malware built to attack critical infrastructure |
https://www.engadget.com/us-warning-state-backed-malware-critical-infrastructure-155038942.html?src=rss
|
US warns of state supported malware built to attack critical infrastructureThe US is still on high alert for more cyberattacks against critical infrastructure TechCrunchnotes the Cybersecurity and Infrastructure Security Agency Energy Department FBI and NSA have issued a warning that hackers have developed custom malware to hijack industrial control systems Nicknamed Incontroller by Mandiant researchers the quot very likely quot state backed code breaches controllers from Omron and Schneider Electric that are frequently used for industrial automation Neither the government nor Mandiant attributed Incontroller to a particular country or hacking group However Mandiant said the malware s capabilities were quot consistent quot with Russia s past efforts and its quot historical interest quot in compromising industrial control systems The software is complex enough to have required ample expertise to develop researchers said and it s not very useful for quot financially motivated quot hacks One component Tagrun is a quot reconnaissance quot tool that provides a detailed look at control processes and production systems The alert s timing is difficult to ignore It comes as Ukraine grapples with Russia s invasion and recently foiled a cyberattack against an energy provider that was allegedly the work of Russian military operatives The US Justice Department also indicted Russian government staff over years of energy sector attacks The response also follows a year after a string of attacks against American infrastructure companies like Colonial Pipeline and JBS although those were ransomware incidents more likely perpetrated by criminal groups Regardless of who s responsible there s no direct protection against Incontroller at the moment In their warning US officials recommended common security measures such as multi factor authentication and frequent password changes to minimize the chances of an intrusion While it wouldn t be surprising to see companies deliver security fixes in the near future there s still a practical risk that intruders could disrupt power grids manufacturers and others that depend on the affected equipment |
2022-04-14 15:50:38 |
海外TECH |
Engadget |
Honda will retire the hybrid Insight to focus production on its 'core' models |
https://www.engadget.com/honda-will-retire-the-hybrid-insight-to-focus-production-on-its-core-models-153857934.html?src=rss
|
Honda will retire the hybrid Insight to focus production on its x core x modelsThe Honda Insight was first released in and immediately gained a passionate following among car enthusiasts but was always something of an odd duck in the automaker s lineup ーit was the Civic Hybrid before there was officially a Civic Hybrid However the Insight s days of being the single most fuel efficient gas powered vehicle on the road that doesn t plug in are coming to a close Despite record sales of more than electrified vehicles that s EVs and hybrids in Honda on Thursday announced that it will be sunsetting the venerated Insight this June as the company refocuses production efforts on its quot core quot hybrid models ーthe Accord CR V and Civic ーand continues to migrate towards full EV capacity “Hybrid electric vehicles are effective in reducing greenhouse gas emissions and are a critical pathway toward Honda s vision for zero emission vehicle sales in North America by said Mamadou Diallo vice president of Auto Sales at American Honda Motor Co Inc “Making the volume leader of our core models hybrid electric will dramatically boost electrified sales in the Honda lineup a strategy that will be augmented by the arrival of a Civic Hybrid in the future The company notes that the Indiana Auto Plant where the Insight was produced will transition into making the CR V CR V Hybrid and Civic Hatchback Honda plans to introduce new iterations of the CR V Hybrid later this year followed by the Accord Hybrid and quot in the future quot the Civic Hybrid |
2022-04-14 15:38:57 |
海外TECH |
Engadget |
Korg's Volca FM 2 synth adds more voices, reverb and randomization |
https://www.engadget.com/korg-volca-fm-2-synthesizer-152847286.html?src=rss
|
Korg x s Volca FM synth adds more voices reverb and randomizationKorg arguably kickstarted something of a synth revolution when it launched the Volca line And the Volca FM has been a consistent favorite in the series It was also the first quot real quot synth I ever got so I have something of a soft spot for it Now some six year later the company is issuing an updated model the Volca FM Like the Volca Sample it released in this is a mostly incremental improvement on the previous model but it does address some pain points nbsp Let s start with what hasn t changed ーthe core six operator algorithm synth engine The Volca FM remains an unabashedly traditional take on the Yamaha DX The form factor is also unchanged and you can still power it with six AA batteries You also still get the same step sequencer with quot motion sequencing quot Physically the changes are subtle The display is now blue eight segment LEDs instead of red The five pin MIDI DIN has been replaced with a TRS MIDI jack but that has also made room for MIDI out incase you want to control other gear with the Volca s sequencer The big changes though are under the hood For one the the Volca FM is a six voice synth instead of a three voice one That s a huge change and allows you to play bigger richer chords And it now responds to velocity over MIDI something you basically needed a hack to get before There s also a reverb effect built in in addition to the chorus A little reverb goes a long way when you re dealing with a synth especially a digital one So this is another very welcome upgrade Lastly Korg has added a randomization feature This allows you to quickly create new and unique sounds without having to master the arcane art of FM synthesis nbsp The Volca FM is available to preorder today for |
2022-04-14 15:28:47 |
海外TECH |
Engadget |
WhatsApp wants to turn your group chats into 'Communities' |
https://www.engadget.com/whatsapp-communities-group-chats-150248053.html?src=rss
|
WhatsApp wants to turn your group chats into x Communities x WhatsApp will start experimenting with Communities an update that represents a “major evolution for the messaging app according to Mark Zuckerberg An unreleased version of the feature was first spotted last year but the company hadn t confirmed its existence until now Communities will allow people to combine separate group chats “under one umbrella with a structure that works for them WhatsApp wrote in a blog post “That way people can receive updates sent to the entire Community and easily organize smaller discussion groups on what matters to them The company hasn t shared details around exactly how these groups will be formed but a spokesperson said the idea is to give “close knit groups more ways to communicate beyond the chat features currently offered by WhatsApp The company will start testing the feature later this year in “select countries but will eventually make it available globally In a post on Facebook Zuckerberg said that Communities would be a major shift for WhatsApp and Meta one that emphasizes “feeds and traditional social networking features less than “community messaging “In the same way that social feeds took the basic technology behind the internet and made it so anyone could find people and content online I think community messaging will take the basic protocols behind one to one messaging and extend them so you can communicate more easily with groups of people to get things done together he wrote He added that Meta was working on similar features for Messenger WhatsApp and Facebook as well It s also a playbook Meta has used in the past In Zuckerberg tried to reorient Facebook around Groups and “meaningful communities The company started building new feature for Groups and encouraging users to join as part of its new mission to quot bring the world closer together Zuckerberg seems to be following the same strategy now with WhatsApp which is far more popular than Facebook in much of the world nbsp Making WhatsApp more like Groups on Facebook also comes with some risks though Facebook s earlier pivot to Groups may have resulted in increased polarization on the platform and Groups have also been pegged as major sources of misinformation on the platform And WhatsApp which due to its encryption lacks many of the moderation tools available to Facebook has already struggled with misinformation and other problematic content Making it even easier to connect disparate group threads into one place could potentially exacerbate these issues A spokesperson said the company is “building a number of updates focused on safety and pointed to new controls that allow admins to delete messages and existing limits on message forwarding |
2022-04-14 15:02:48 |
Cisco |
Cisco Blog |
New Software Architecture Enables Session-Aware Networking to Massively Scale Authentication and Access Policy Control |
https://blogs.cisco.com/networking/new-software-architecture-enables-session-aware-networking-to-massively-scale-authentication-and-access-policy-control
|
New Software Architecture Enables Session Aware Networking to Massively Scale Authentication and Access Policy ControlThe SANet re architecture has evolved from being a single core Cisco IOS XE application to a horizontally scalable application adapting to Cisco s database centric programming model The device state is now maintained in the database along with making use of the multicore capabilities of device platforms |
2022-04-14 15:00:44 |
海外科学 |
NYT > Science |
Why Did Two Antarctic Ice Shelves Fail? Scientists Say They Now Know. |
https://www.nytimes.com/2022/04/14/climate/antarctic-ice-shelves-atmospheric-rivers.html
|
Why Did Two Antarctic Ice Shelves Fail Scientists Say They Now Know The collapse of the two huge ice shelves was most likely triggered by vast plumes of warm air from the Pacific researchers have found |
2022-04-14 15:27:39 |
海外TECH |
WIRED |
Elon Musk Has Triggered a Battle for the Future of Twitter |
https://www.wired.com/story/elon-musk-takeover-twitter
|
board |
2022-04-14 15:50:17 |
海外TECH |
WIRED |
WhatsApp Doubles Down With End-to-End Encrypted ‘Communities’ |
https://www.wired.com/story/whatsapp-communities-feature
|
expansion |
2022-04-14 15:05:22 |
金融 |
RSS FILE - 日本証券業協会 |
株券等貸借取引状況(週間) |
https://www.jsda.or.jp/shiryoshitsu/toukei/kabu-taiw/index.html
|
貸借 |
2022-04-14 15:30:00 |
金融 |
金融庁ホームページ |
鈴木財務大臣兼内閣府特命担当大臣閣議後記者会見の概要(令和4年4月12日)を公表しました。 |
https://www.fsa.go.jp/common/conference/minister/2022a/20220412-1.html
|
内閣府特命担当大臣 |
2022-04-14 17:00:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
VW、半導体などの分野でサンパウロ大学と共同研究へ |
https://www.jetro.go.jp/biznews/2022/04/6b944dc8850cc065.html
|
共同研究 |
2022-04-14 15:40:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
ジェトロ、米国西海岸の港湾の最新動向セミナーを開催 |
https://www.jetro.go.jp/biznews/2022/04/dc898cccf20bf0f3.html
|
西海岸 |
2022-04-14 15:30:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
ポルシェ、チリで合成燃料を製造するプロジェクト企業に出資 |
https://www.jetro.go.jp/biznews/2022/04/d62902f015b3ddf4.html
|
製造 |
2022-04-14 15:20:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
元トップモデル、ファッション産業の盛り上げに意欲強く |
https://www.jetro.go.jp/biznews/2022/04/0f0f41fd8cba8c4e.html
|
産業 |
2022-04-14 15:10:00 |
ニュース |
BBC News - Home |
UK government criticised over 'cruel' Rwanda asylum plan |
https://www.bbc.co.uk/news/uk-politics-61110237?at_medium=RSS&at_campaign=KARANGA
|
trial |
2022-04-14 15:33:31 |
ニュース |
BBC News - Home |
Russian warship Moskva: What do we know? |
https://www.bbc.co.uk/news/world-europe-61103927?at_medium=RSS&at_campaign=KARANGA
|
russia |
2022-04-14 15:40:35 |
ニュース |
BBC News - Home |
Prince Charles stands in for Queen at Maundy Service |
https://www.bbc.co.uk/news/uk-61111303?at_medium=RSS&at_campaign=KARANGA
|
traditional |
2022-04-14 15:37:23 |
ニュース |
BBC News - Home |
Michael Snee and Aidan Moffitt killings: Man due in Sligo court |
https://www.bbc.co.uk/news/world-europe-61106318?at_medium=RSS&at_campaign=KARANGA
|
homes |
2022-04-14 15:40:48 |
ニュース |
BBC News - Home |
Local elections: 'I honestly don't have a clue' |
https://www.bbc.co.uk/news/uk-england-london-61112129?at_medium=RSS&at_campaign=KARANGA
|
londoners |
2022-04-14 15:02:37 |
北海道 |
北海道新聞 |
道内の町村議 なり手不足深刻 統一地方選まで1年 |
https://www.hokkaido-np.co.jp/article/669634/
|
地方議員 |
2022-04-15 00:17:00 |
北海道 |
北海道新聞 |
日本企業29社、再エネ移行表明 米アップル取引先、3倍超に増加 |
https://www.hokkaido-np.co.jp/article/669713/
|
日本企業 |
2022-04-15 00:16:00 |
北海道 |
北海道新聞 |
お薦めの食・旅 ウェブに集合 「トリップイート北海道」開設 |
https://www.hokkaido-np.co.jp/article/669688/
|
北海道新聞社 |
2022-04-15 00:01:00 |
コメント
コメントを投稿