投稿時間:2022-11-25 07:16:27 RSSフィード2022-11-25 07:00 分まとめ(14件)

カテゴリー等 サイト名等 記事タイトル・トレンドワード等 リンクURL 頻出ワード・要約等/検索ボリューム 登録日
IT InfoQ Presentation: DevOps for Java Developers https://www.infoq.com/presentations/devops-java-devs/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global Presentation DevOps for Java DevelopersIx chel Ruiz discusses DevOps for Java developers By Ix chel Ruiz 2022-11-24 21:40:00
IT ITmedia 総合記事一覧 [ITmedia News] TwitterのマスクCEO、「民の声」により凍結アカウントの大量恩赦を開始するとツイート https://www.itmedia.co.jp/news/articles/2211/25/news093.html itmedianewstwitter 2022-11-25 06:47:00
IT ITmedia 総合記事一覧 [ITmedia ビジネスオンライン] キャリアステップが多様な企業 2位「サイバーエージェント」、1位は? https://www.itmedia.co.jp/business/articles/2211/25/news071.html itmedia 2022-11-25 06:30:00
IT ビジネス+IT 最新ニュース 【単独】ナイアンティックに聞く「リアルメタバース」戦略、現実世界をどう拡張する? https://www.sbbit.jp/article/cont1/99737?ref=rss 【単独】ナイアンティックに聞く「リアルメタバース」戦略、現実世界をどう拡張するポケモンGOで知られる米ナイアンティックCEOジョン・ハンケ氏が「メタバースはディストピアの悪夢です。 2022-11-25 06:10:00
Google カグア!Google Analytics 活用塾:事例や使い方 JASRACとApple Podcast、Spotifyは包括提携していません https://www.kagua.biz/marke/podcast/jasrac%e3%81%a8apple-podcast%e3%80%81spotify%e3%81%af%e5%8c%85%e6%8b%ac%e6%8f%90%e6%90%ba%e3%81%97%e3%81%a6%e3%81%84%e3%81%be%e3%81%9b%e3%82%93.html anchor 2022-11-24 21:00:58
海外TECH MakeUseOf How to Unlock the Hidden Developer Tab in Excel https://www.makeuseof.com/tag/unlock-hidden-developer-tab-excel/ developer 2022-11-24 21:46:16
海外TECH DEV Community NGINX WAF alternatives: App Protect vs. ModSecurity vs. open-appsec https://dev.to/openappsec/nginx-waf-alternatives-app-protect-vs-modsecurity-vs-open-appsec-325f NGINX WAF alternatives App Protect vs ModSecurity vs open appsecWritten by Rubaiat HossainNginx is a popular web server software that can also be used for caching load balancing and reverse proxying Its asynchronous event driven architecture makes Nginx a good choice for high traffic systems which is the reason a lot of DevOps engineers and web developers choose to use it However having a high performance web server is only helpful when you protect your web app accordingly This is where web application firewalls WAFs come into play WAFs sit between your web app and its traffic and they filter out malicious HTTP requests A solid WAF solution can prevent various layer attacks including the OWASP Top Ten bot attacks and zero day attacks Since Nginx has different use cases protecting your application depends on how and where you use it It s recommended that you have a reliable WAF solution since they block most harmful requests in the first place In this article you ll compare three toolsーModSecurity F Nginx App Protect and open appsecーbased on their active development advanced security features and open source commitment to help you figure out which tool is right for you ModSecurityModSecurity is an open source WAF that has been developed since It s proved to be a great success and developers across the world use it Active DevelopmentBefore addressing ModSecurity s active development it s important to define what the term active development means here In this article when a tool is reviewed based on its active development it s in reference to the program having a continuous development effort and a committed community Effective July Trustwave SpiderLabs the developers behind ModSecurity announced the end of life EOL support for this WAF The open source community should continue the development of ModSecurity as the code is freely available and many projects use it However commercial support will no longer be available after the EOL date ModSecurity v has also introduced major changes in how ModSecurity works The entire WAF is not packed together anymore Instead the single libmodsecurity engine is paired with a connector module that interfaces the application with the server Different connectors are available based on the server and are hosted as independent packages This means that there s a separate ModSecurity v Nginx Connector project Advanced Security FeaturesAdvanced security features of a WAF are the functionalities that set it apart As a public facing component of the internet modern WAFs require solid defense mechanisms to protect from rapidly emerging new threads and malicious activities ModSecurity offers many powerful features such as continuous inspection of HTTP streams reliable blocking capabilities and a robust rule engine complemented by a straightforward rule language called SecRule What sets ModSecurity apart is its flexibility You can use its features any way you see fit from real time application monitoring to full traffic logging and URL encoding to web app hardeningーthe scope of creativity is unlimited Its solid HTTP blocking capabilities and flexible rule engine allow ModSecurity to patch vulnerabilities without touching the application itself This practice is known as virtual patching and it can protect any app using communication channels like HTTP However it should be noted that signature based solution are reactive by nature meaning that often signatures aren t available until after vulnerabilities have been known for some time and exploits are put into circulation ModSecurity also excels in logging HTTP requests Since most web servers log a few pieces of information by default ModSecurity s effective logging capabilities make it a lucrative choice from a security standpoint Open SourceModSecurity is an open source project with its codebase open for third party contributions It has an active GitHub community of open source developers who maintain the project and fix issues You can easily fork this WAF and tune features yourself However with its backing organization announcing ModSecurity s end of support you can expect little to no active development from the vendor in the future Nginx App ProtectNginx App Protect is a premium WAF solution that seamlessly integrates with Nginx and provides robust features for DevOps teams F has acquired Nginx and is actively developing its paid offerings As a result Nginx App Protect should be viable for those looking to safeguard enterprise systems and data Active DevelopmentYou can expect new features and updates to be added once every few months to Nginx App Protect for handling newer threats and support is available on demand Coupled with Nginx s extensive documentation and active community finding support should be effortless for developers Advanced Security FeaturesNginx App Protect is a capable WAF solution that can protect modern web applications APIs containers and microservices Nginx App Protect follows the same role based access control policy used by ModSecurity It benefits from the security rules derived from other F security solutions and excels at preventing regular layer attacks Like ModSecurity it is based on signatures and so usually reactive to zero day attacks as signatures aren t available until after vulnerabilities have been known for some time and exploits are put into circulation This WAF solution aligns with modern software architecture and continuous integration continuous deployment CI CD principles The platform agnostic nature and declarative policies used by Nginx App Protect allow engineers to focus on innovation rather than worrying about security right from the very beginning The Nginx Controller App Security allows to manage declarative configuration files for App Protect in a centralized manner It makes managing Nginx App Protect simpler than ModSecurity which though immensely flexible lacks central control Open SourceNginx App Protect is a closed source solution To use the WAF product you ll need to sign up for a premium offering from F Nginx that includes NGINX Plus or NGINX Ingress Plus and a licence for App Protect U S List Prices starts at per month for Nginx Plus for Single Instance and Standard Support plus per month for the App Protect Add On for Single Instance Although the enterprise nature of Nginx App Protect ensures prompt support and in depth documentation the absence of an open source model prevents DevOps engineers or developers from auditing the code themselves and diving deeper into the features open appsecopen appsec is a modern day WAF solution that leverages machine learning ML to detect and prevent unknown zero day attacks as well as standard known attacks Active Developmentopen appsec is under active development and the code is open source and public This move allows for regular feature updates and bug fixes by open source developers The core open appsec WAF engine is developed in C and is available via GitHub Additional security components are written in C and Go and are readily available The developers are actively adding new features and adjustments to the ML based threat engine In addition the open source codebase is updated regularly and offers thorough documentation making it a suitable choice for securing modern day Nginx systems Advanced Security Featuresopen appsec offers several advanced security features of which the flagbearer is its ML based threat detection engine The ML powered core automatically prevents OWASP Top Ten and zero day attacks without requiring any tuning or configurations The intelligent WAF engine continuously analyzes user behavior and transaction profiles to detect and mitigate threats before escalation This shift toward proactive threat mitigation from the reactive approaches utilized by standard rule based WAFs makes open appsec a worthy WAF solution for the future generation of web apps Moreover open appsec s seamless integration with modern CI CD tools allows developers to spend less time securing apps and more time shipping new builds It s also a breeze to automate You can use declarative infrastructure as a service IaaS or APIs to take care of heavy tasks In addition open appsec needs little manual administration It s an install and forget solution that preemptively prevents newer threats and reduces the attack surface significantly compared to traditional WAFs like ModSecurity which require manual rule enforcement to stop the latest threats Users of paid solutions like Nginx App Protect must also wait for vendor supplied signaure rules for newer vulnerabilities Open Sourceopen appsec provides a fully open source solution that can be audited by third parties or extended by individual developers As previously stated the project is hosted on GitHub and has undergone rigorous auditing by independent security experts The code is easy to read and understand You can also compile open appsec with standard compilation tools and it makes analyzing program behavior simple using traditional code analysis tools This WAF solution also meets the security standards of the Open Source Security Foundation OpenSSF which indicates the high quality of the source material The advanced machine learning model of this tool is also open source and available for download by anyone ConclusionNginx is one of the most widely used software for serving web content proxying and load balancing However you still need to secure your Nginx consuming web apps from threat actors and malware A solid WAF should be your first layer of defense as they block harmful requests at the application layer In this article you reviewed ModSecurity Nginx App Protect and open appsec based on their active development advanced security features and open source principles ModSecurity is a robust solution that offers an advanced rule engine and an open source codebase But it lacks active development commitments from the vendor In contrast Nginx App Protect is actively being developed and offers intelligent features and CI CD integrations However it doesn t offer any open source edition open appsec is the only WAF in this list that not only is under active development but also offers the solution as open source software These coupled with its advanced ML based threat detection engine make open appsec a viable solution for modern web apps 2022-11-24 21:02:30
Apple AppleInsider - Frontpage News Happy Thanksgiving from AppleInsider https://appleinsider.com/articles/22/11/24/happy-thanksgiving-from-appleinsider?utm_medium=rss Happy Thanksgiving from AppleInsiderWherever you are wherever you ve traveled to happy Thanksgiving from all of us at AppleInsider We re here all day so don t miss all the news and tremendous Apple bargains we re finding for you It s probably too late to recommend flight apps for your iPhone ーalthough if you have to fly back home take a look at Flighty And it s certainly too late for any Thanksgiving recipe app recommendations although Paprika is worth it all year round What it s definitely time for is checking out bargains You can t step outside from your family for six hours while you track down a saving no matter how great it is but you can keep an eye on AppleInsider Read more 2022-11-24 21:59:33
海外TECH Engadget Elon Musk will offer 'amnesty' to banned Twitter accounts amid more layoffs https://www.engadget.com/twitter-engineers-fired-holiday-pay-amnesty-elon-musk-210356513.html?src=rss Elon Musk will offer x amnesty x to banned Twitter accounts amid more layoffsTwitter owner and CEO Elon Musk says a general amnesty for banned accounts will begin next week for those who have not broken the law or engaged in egregious spam He polled users on whether Twitter should offer the amnesty seemingly overlooking the fact that such polls can be easily gamed by bots Over percent of the million votes approved of Musk s amnesty proposal nbsp Musk reinstated Donald Trump s account last weekend after a similar poll Trump has yet to tweet after getting his account back though he has continued to post on his own app Truth Social Late last week Musk restored the accounts of comedian Kathy Griffin who had been needling Musk before her account was suspended right wing provocateur Jordan Peterson and conservative satire website Babylon Bee The people have spoken Amnesty begins next week Vox Populi Vox Dei ーElon Musk elonmusk November The latest twist in the Twitter saga comes a day after the company fired another or so engineers without notice according to reports They were dismissed just after the company started a code review program whereby engineers are asked to submit samples of their work on a weekly basis Dozens of engineers were fired by email the night before Thanksgiving because their “code is not satisfactory according to The Verge s Alex Heath Others received a warning about their performance “Note that not meeting expectations could result in your termination of employment…please use this opportunity to restore our confidence and demonstrate your contributions to the team and company that warning email read The fired engineers were reportedly offered four weeks of severance pay if they sign a separation agreement and waive any claims against Twitter They had remained at the company after Musk laid off around half of the workforce Last week he asked the remaining employees to commit to working at his vision for an extremely hardcore Twitter Those who opted out around of the who were still at the company as of early last week were let go with the promise of three months of severance pay The latest batch of firings occurred just two days after Musk is said to have told employees that layoffs were done and that Twitter is hiring with a focus on people who are great at writing software One of the engineers Twitter turfed out on Wednesday is Ikuhiro Ihara who led the drive to double the tweet character limit to back in Twitter also let go Ying Xiao a senior staff machine learning research scientist who a colleague described to Platfomer s ZoëSchiffer as “the best ML modeler around It appears that some of the fired engineers were on HB visas and now face a race to find a new job if they want to stay in the US One of the people fired Musk s latest purge was Ikuhiro Ihara a highly respected senior software engineer who helped lead the push to expand tweets to characters ーCasey Newton CaseyNewton November Schiffer also reported that Twitter cut holiday pay for its remaining contractors right before a holiday weekend That move came not even two weeks after the company culled thousands of its contractors Musk is said to have slashed perks for employees this week too including daycare allowances home internet costs and training ーeffectively cutting workers compensation packages These measures are part of Musk s intense push to slash costs at Twitter which owes at least billion in annual interest payments on the loans he took out to help buy the company Earlier this week it was reported that Twitter has been stiffing vendors and contractors on payments with some owed millions of dollars in back pay Twitter no longer has a communications department that can be reached for comment Have a great Thanksgiving ️ーElon Musk elonmusk November 2022-11-24 21:03:56
ニュース BBC News - Home Donald Trump sued as New York Adult Survivors Act takes effect https://www.bbc.co.uk/news/world-us-canada-63736485?at_medium=RSS&at_campaign=KARANGA abuse 2022-11-24 21:15:43
ニュース BBC News - Home Kanye West: Adidas investigates after claims of 'toxic' behaviour https://www.bbc.co.uk/news/entertainment-arts-63747492?at_medium=RSS&at_campaign=KARANGA behaviour 2022-11-24 21:45:50
ニュース BBC News - Home Reading Women 3-3 Liverpool Women: Reds still winless after six-goal thriller https://www.bbc.co.uk/sport/football/62784258?at_medium=RSS&at_campaign=KARANGA winless 2022-11-24 21:34:52
ニュース BBC News - Home World Cup 2022: Brazil 2-0 Serbia - Richarlison scores both goals https://www.bbc.co.uk/sport/football/63657471?at_medium=RSS&at_campaign=KARANGA World Cup Brazil Serbia Richarlison scores both goalsRicharlison scores twice including a stunning volley on the turn as five time winners Brazil open their World Cup campaign by beating Serbia 2022-11-24 21:31:00
ビジネス 東洋経済オンライン 「朝から機嫌がいい人」が毎朝2分間だけやること 必要なのは紙とペンだけだから試してみたら? | リーダーシップ・教養・資格・スキル | 東洋経済オンライン https://toyokeizai.net/articles/-/634934?utm_source=rss&utm_medium=http&utm_campaign=link_back 東洋経済オンライン 2022-11-25 06:30:00

コメント

このブログの人気の投稿

投稿時間:2021-06-17 22:08:45 RSSフィード2021-06-17 22:00 分まとめ(2089件)

投稿時間:2021-06-20 02:06:12 RSSフィード2021-06-20 02:00 分まとめ(3871件)

投稿時間:2021-06-17 05:05:34 RSSフィード2021-06-17 05:00 分まとめ(1274件)