
Your web app is most likely vulnerable to an attack right now. In fact, according to this recent survey, 9 out of 10 web applications were vulnerable to attack in 2019, and 45% of production apps had ‘high risk’ vulnerabilities. That’s a serious number. Luckily, a number of tools are available to help you execute security checks, and many of them can be conveniently automated through your CI/CD run.

In this article, I’ll look at the top 10 security vulnerabilities you should protect against. We’ll look at some tools you can use to check for those vulnerabilities, and how they…


Containers have been around in Linux for years. It's a concept where one or more processes are isolated from the rest of the system. The containers have all the files they need to run those processes independent of the system, which is why they have become a commonly used tool for deployments.

They solve a problem that many developers deal with across more systems than just Linux. Containers make it so an application can run consistently on any operating system without worrying about dependency failures and varying configurations. …


With cloud-native applications, there’s always a chance that something could interrupt your services. Maybe a wire gets unplugged and that brings down your server or one of your services loses network connections that you depend on.

These are issues your system doesn’t typically account for in code or infrastructure. You have a way to figure out where some of your system weaknesses are and give those areas extra attention. …


Many engineering teams are making the switch to a DevOps culture. This has a lot to do with the way the software development cycle has changed over the years. It used to take months to implement a new feature, get it through testing, fix any issues, and finally get it to production.

Now that bug fixes and new features need to be delivered to users faster, that same method of getting changes to production doesn’t work well anymore. …


DevOps is supposed to help streamline the process of taking code changes and getting them to production for users to enjoy. But what exactly does it mean for the process to be “streamlined”? One way to answer this is to start measuring metrics.

Why metrics are important to track

Metrics give us a way to make sure our quality stays the same over time because we have numbers and key identifiers to compare against. Without any metrics being measured, you don’t have a way to measure improvements or regressions. You just have to react to them as they come up.

When you know the indicators that…


At some point we’ve all said the words, “But it works on my machine.” It usually happens during testing or when you’re trying to get a new project set up. Sometimes it happens when you pull down changes from an updated branch.

Every machine has different underlying states depending on the operating system, other installed programs, and permissions. Getting a project to run locally could take hours or even days because of weird system issues.

The worst part is that this can also happen in production. If the server is configured differently than what you’re running locally, your changes might…


Intro

When we talk about the way systems or software behave, it’s easy to forget that there are actually people behind them. Everything we interact with online is thought of, built, and maintained by other people like you.

There are project managers, software developers, DevOps engineers, designers, and many more important people involved. It helps to get some perspective on issues that the people in these roles face every day when they’re trying to keep things going for users.

In this round-up, we’ll focus on DevOps engineers. Usually, no one goes to them unless there is something wrong with a deploy…


When you start working on large scale enterprise systems, handling releases can become complex. You’ll have to think about your front-end, microservices, third-party services, and other services. Making sure these things get deployed in the right order and pass integration tests can be tricky once you start working with asynchronous tasks.

That’s why it’s important to have a DevOps process in place to handle all of these services. Choosing the correct tools and executing steps in the right order takes some time and testing, but after you have it set up you won’t have to do nearly as many manual…


In most DevOps settings you’ll find that there are multiple environments in the pipeline. You might have conditions that change the environment based on which branch was merged or when a branch is tagged for release. There are a number of reasons you want to have more than just a production environment, the biggest reason being testing.

Keep in mind that every organization does things slightly differently. You might see more environments than the ones covered here or they might not have the same names. The important part is to know what purpose each environment serves. …


Cybersecurity is a big concern for many companies. With data breaches happening more and more as attacks increase in sophistication, teams are looking at all of the options they have to prevent them. Since DevOps has taken root as the standard way to deploy applications to production, it’s worth figuring out how to include security in your CI/CD pipelines.

Background on DevSecOps

There’s already a field dedicated to adding security to your existing DevOps flow called DevSecOps. Instead of waiting until the end of the process to run security checks, like in the Waterfall method, you include them throughout the different run stages…

Milecia

Starting classes soon! | Software/Hardware Engineer | International tech speaker | Random inventor and slightly mad scientist with extra sauce
