Explain complex systems using visuals and simple terms. Help you prepare for system design interviews. - GitHub - ByteByteGoHq/system-design-101: Explain complex systems using visuals and simple te...

One of the best practices around development environment is to have one large Kubernetes cluster in a multi-tenant mode for your developers. This brings in cost saving specially when you have many small teams divided along the lines of microservices. Before we dive into understanding how we can setup a cluster in a multi-tenant mode, […]

Purple Academy by Picus provides free cybersecurity courses around Red, Blue and Purple Teaming topics. Successful students earn certificates and CPE credits.

Checklist of security precautions for Ruby on Rails applications. - GitHub - SecZetta/secure-coding-standards: Checklist of security precautions for Ruby on Rails applications.

Security Guide for Developers (实用性开发人员安全须知). Contribute to FallibleInc/security-guide-for-developers development by creating an account on GitHub.

The biggest Privacy Resource list you can find on the Internet.

53 votes and 49 comments so far on Reddit

Docker has revolutionized the way we package and deploy software to the cloud. However, when it comes to securing our applications, we have many of the same old challenges. How do we know the software we’re running is secure? When new vulnerabilities come up, how can we roll out fixes quickly, and without service interruptions? In this talk we’ll talk about Google’s approach to securing your build pipeline, detecting vulnerabilities in production, and, of course, methods to prevent vulnerabilities from ever getting there. SEC208 Event schedule → http://g.co/next18 Watch more Security sessions here → http://bit.ly/2zJTZml Next ‘18 All Sessions playlist → http://bit.ly/Allsessions Subscribe to the Google Cloud channel! → http://bit.ly/NextSub re_ty: Publish; product: Cloud - General; fullname: Justin Beckwith; event: Google Cloud Next 2018;

Architectural diagrams can be useful tools for documenting and communicating the design of a system. They must be self descriptive, consistent, accurate enough and connected to the code. Applying some guidelines can ensure the diagrams are useful to a variety of stakeholders.

Deploy-time security control that uses signature validation to ensure only trusted container images are deployed to Google Kubernetes Engine.

Split DNS returns different results depending on the source IP. It's commonly promoted as significant security measure for internal resources, for limiting enumeration and discovery. I've had many

So, you plan to sell your startup’s product to big companies one day. Congratu-dolences! Really, that’s probably the only reason you should care about this article. If that’s not you, go forth and live your life! We’ll ask no more of your time. For the rest of you: Industry people talk about SOC2 a lot, and it’s taken on a quasi-mystical status, not least because it’s the product of the quasi-mystical accounting industry.

Adventures in Kubernetes

Author: Andrew Martin (ControlPlane) Kubernetes security has come a long way since the project's inception, but still contains some gotchas. Starting with the control plane, building up through workload and network security, and finishing with a projection into the future of security, here is a list of handy tips to help harden your clusters and increase their resilience if compromised. Part One: The Control Plane 1. TLS Everywhere 2. Enable RBAC with Least Privilege, Disable ABAC, and Monitor Logs 3.

So you built a cluster. Maybe you have some apps deployed. You’re sold on this whole Kubernetes thing. Now what do you do?

By Connor Gilbert, product manager at StackRox Last month, the Kubernetes ecosystem was shaken by the discovery of the first major security flaw in Kubernetes, the world’s most popular container…

The container orchestrator war is over, and Kubernetes has won. With companies large and small rapidly adopting the platform, security has emerged as an important concern – partly because of the learning curve inherent in understanding any new infrastructure, and partly because of recently announced vulnerabilities.

This document covers topics related to protecting a cluster from accidental or malicious access and provides recommendations on overall security. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

Discover reference architectures, diagrams, design patterns, guidance, and best practices for building or migrating your workloads on Google Cloud.

This article introduces the most common techniques and patterns to build and operate a highly available microservices architecture.

Code and technology musings by Orr Sella