Showing posts from October, 2017

Serverless Python Web Services

Zappa makes it super easy to build and deploy server-less, event-driven Python applications (including, but not limited to, WSGI web apps) on AWS Lambda + API Gateway. Think of it as "serverless" web hosting for your Python apps. That means infinite scaling, zero downtime, zero maintenance - and at a fraction of the cost of your current deployments!

Microservices are hard — an invaluable guide to microservices.

Nice article I came across this evening here  by Joey Clover, Technical Co-founder @ TabbDrink Tools covered for microservice management are Containers (Docker) Orchestration (Kubernetes) Management (Forge) Api Gateway / Canary (Ambassador) Edge Proxy (Envoy) Monitoring (Prometheus) Local Testing (Telepresence) I love this diagram

FIGO Banking API is the first Banking-as-a-Service in Europe. It enables access to every financial services provider through one API. With the figo Banking API, we can query a bank account, the history of transactions, and the submission of payments. Authentication is available via OAuth2. Formats in JSON and REST allow to request and receive responses to retrieve bank accounts, modify bank accounts, and remove a PIN number from the server. Below is a library of microservices written in GO that will allow you interact with the FIGO API.  Before you begin you will need to obtain a client ID / token ID from FIGO. There is a development version available. 1. Install pre-reqs go get go get ....more to post

Microservices and Secrets management - How to comply with security must-dos

Very nice and concise article with respect to secret management and what you need to consider when building microservices to meet with security requirements Microservices and Secrets management - How to comply with security must-dos The article highlights the following must-dos when considering a solution for secret management as part of your overall microservices deployment architecture Secure storage of various type of secrets (API Token, Keys, Certificates, username & passwords) Reliable API based access to secrets Dynamic secret distribution for automated encryption and authentication of keys Full Audit of access to secrets. Multi-level role based access to secrets Centralized revocation of secrets and redistribution

OWASP Zed Attack Proxy (ZAP) Project

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing

Terraform Module for VictorOps Alerts

My first attempt at a basic terraform module written in GO to interface with VictorOps thorugh the VOPS API resource_alerts.go This is rough, just to connect the terraform module to generate an alert in VictorOps Need to clean up the passing of parameters from the instead of hard coding in GO But this is easy enough package main import ( ""   "bytes"   "encoding/json"   "net/http"   "io/ioutil" ) type VictoropsAlerts struct { Code int `json:"code"` Message string `json:"message"` Data struct { MessageType       string `json:"message_type"` EntityID          string `json:"entity_id"` EntityDisplayName string `json:"entity_display_name"` StateMessage      string `json:"state_message"` } `json:"data"` } package main import ( "

Terraform Locking State in S3

Terraform, as of v0.9, offers locking remote state management. To get it up and running in AWS create a terraform s3 backend, an s3 bucket and a dynamDB table. For full details check out this blog post