TL;DR style notes from articles I read today.
How to avoid data breaches in the cloud
- Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion.
- Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.
- Deploy your own advanced network monitoring tools. Use intrusion detection tools to watch your entire ecosystem of applications.
- Beware of a too-complicated ecosystem. Its layers can create blind spots.
- Consider using API-based cloud access security brokers (CASBs).
- Use micro-segmentation to restrict access privileges to those who need them, for only the timeframe they need them and only to the level of access they need.
Full post here, 4 mins read
Security assessment techniques for Go projects
- Static analysis tools like gosec, go vet, and staticcheck can help catch low-hanging fruit not covered by compiler errors & warnings.
- Dynamic analysis techniques like fuzzing, property testing & fault injection should be used for deeper results.
- Dynamic testing tools like dvyukov/go-fuzz let you quickly & effectively implement mutational fuzzing.
- google/gofuzz can help by initializing structures with random values.
- For property testing, the leanovate/gopter framework addresses the shortcomings of other testers.
- Compiler build directives can be used for name linking, which gives tests access to the functions you want to exercise without renaming them.
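To make the dynamic-analysis bullets concrete (mutational fuzzing plus a property check), here is an added example of my own; it is not code from any of the articles, and it uses only the standard library rather than go-fuzz or gopter. The target ParseKV/FormatKV parser is constructed for this example and carries a deliberate off-by-one in its quote handling; the harness enumerates single-byte edits of a small seed corpus, runs every mutant under a recover() guard, and checks a round-trip property (parse, format, parse again must give the same map). The panic it finds is the kind of unhandled-input crash that fuzzing is good at surfacing in parsers exposed to untrusted data.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// ParseKV parses "k1=v1;k2=v2" into a map. A value wrapped in double quotes is
// unquoted. Constructed target for this example: the length check below is the
// deliberate bug (it should be len(v) >= 2), so a lone `"` value panics on v[1:0].
func ParseKV(s string) (map[string]string, error) {
	out := map[string]string{}
	if s == "" {
		return out, nil
	}
	for _, field := range strings.Split(s, ";") {
		k, v, ok := strings.Cut(field, "=")
		if !ok || k == "" {
			return nil, errors.New("malformed field: " + field)
		}
		if _, dup := out[k]; dup {
			return nil, errors.New("duplicate key: " + k)
		}
		if len(v) >= 1 && v[0] == '"' && v[len(v)-1] == '"' { // BUG: should be >= 2
			v = v[1 : len(v)-1]
		}
		out[k] = v
	}
	return out, nil
}

// FormatKV is the inverse of ParseKV: sorted keys, and values that would be
// unquoted on re-parse are wrapped in quotes so the round trip is lossless.
func FormatKV(m map[string]string) string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		v := m[k]
		if len(v) >= 1 && v[0] == '"' && v[len(v)-1] == '"' {
			v = `"` + v + `"`
		}
		parts = append(parts, k+"="+v)
	}
	return strings.Join(parts, ";")
}

// alphabet holds "interesting" bytes for mutation: delimiters, quotes, and
// a couple of boundary values. Chosen for this example.
var alphabet = []byte{'=', ';', '"', 'a', '0', ' ', 0x00, 0xff}

// Mutants returns every single-edit mutation of s: one byte deleted, one byte
// inserted from the alphabet at any position, or one byte replaced.
func Mutants(s string) []string {
	b := []byte(s)
	var out []string
	for i := range b {
		out = append(out, string(append(append([]byte{}, b[:i]...), b[i+1:]...)))
	}
	for i := 0; i <= len(b); i++ {
		for _, c := range alphabet {
			m := append(append(append([]byte{}, b[:i]...), c), b[i:]...)
			out = append(out, string(m))
		}
	}
	for i := range b {
		for _, c := range alphabet {
			m := append([]byte{}, b...)
			m[i] = c
			out = append(out, string(m))
		}
	}
	return out
}

// Finding records one input that crashed the target or broke the property.
type Finding struct {
	Input, Kind, Detail string // Kind is "panic" or "property"
}

func equalMaps(a, b map[string]string) bool {
	if len(a) != len(b) {
		return false
	}
	for k, v := range a {
		if w, ok := b[k]; !ok || w != v {
			return false
		}
	}
	return true
}

// Check runs one input under a recover() guard and evaluates the round-trip
// property on inputs the parser accepts; rejected inputs are not findings.
func Check(s string) (f *Finding) {
	defer func() {
		if r := recover(); r != nil {
			f = &Finding{Input: s, Kind: "panic", Detail: fmt.Sprint(r)}
		}
	}()
	m, err := ParseKV(s)
	if err != nil {
		return nil
	}
	m2, err := ParseKV(FormatKV(m))
	if err != nil || !equalMaps(m, m2) {
		return &Finding{Input: s, Kind: "property", Detail: "round trip changed the result"}
	}
	return nil
}

// Fuzz explores the seeds to the given depth of single edits (deterministic,
// so runs are reproducible) and returns the findings and the number of
// distinct inputs executed. Crashing inputs are not mutated further.
func Fuzz(seeds []string, depth int) (findings []Finding, executed int) {
	seen := map[string]bool{}
	frontier := seeds
	for d := 0; d <= depth; d++ {
		var next []string
		for _, in := range frontier {
			if seen[in] {
				continue
			}
			seen[in] = true
			executed++
			if f := Check(in); f != nil {
				findings = append(findings, *f)
				continue
			}
			if d < depth {
				next = append(next, Mutants(in)...)
			}
		}
		frontier = next
	}
	return findings, executed
}

func main() {
	findings, n := Fuzz([]string{"a=1", "a=1;b=2", `name="x"`}, 2)
	fmt.Printf("executed %d inputs, %d findings\n", n, len(findings))
	for i, f := range findings {
		if i == 5 {
			fmt.Println("...")
			break
		}
		fmt.Printf("%-8s %q: %s\n", f.Kind, f.Input, f.Detail)
	}
}
```

Running it reports panic findings such as the input `a="` (a value that is a single quote character), which the seed corpus never contained and which no compiler check would flag; fixing the length check makes the harness return no findings, and the same Check function can be dropped into a native `testing.F` fuzz target or a go-fuzz entry point once the project wants coverage-guided mutation instead of this exhaustive single-edit walk.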
Full post here, 15 mins read
Scalability problems: Hidden challenges of growing a system
- Two main challenges of scaling distributed systems: centralization and synchronization.
- When one node has too much control, that central node's capacity limits the entire system in terms of the resources it can handle or the users it can serve.
- When scaling up, the system can run into computational limitations, storage limitations, and network limitations.
- Synchronous communication over a WAN is not only slower, but also less reliable compared to a LAN.
- Synchronous communication across larger geographies can be an obstacle to scaling.
Full post here, 8 mins read