Unmasking the Invisible Adversary: The Evolving Art and Science of Threat Modeling

As applications and infrastructures become more complex and distributed, threat modeling has transformed into a continuous, integral part of modern DevSecOps. This post revisits threat modeling fundamentals and introduces the latest standards, methodologies, and technologies shaping this critical discipline today.

December 13, 2024 · (updated December 21, 2024) · 10 min · Pradeep Loganathan

12 Factor Apps

This is the first podcast on this channel

February 11, 2023 · (updated May 31, 2023) · 1 min · Pradeep Loganathan

122 Factor Apps

This is the second podcast on this channel

February 11, 2023 · (updated December 21, 2024) · 1 min · Pradeep Loganathan

Principles of Cloud Native design - 12 Factor apps

The twelve-factor app principles are a collection of best practices for building microservices-based cloud-native applications. These applications are modular, scalable, and agile. They are designed to perform at web scale and provide high resiliency.

August 12, 2022 · (updated December 21, 2024) · 11 min · Pradeep Loganathan

Reactive Manifesto

The Reactive Manifesto describes how to design and architect Reactive systems according to your needs. Systems built as Reactive Systems are more reliable, flexible, loosely coupled, scalable and resilient. This makes them easier to develop and amenable to change. Reactive systems are more tolerant of failure and when failure does occur, they meet it with elegance rather than disaster.

September 9, 2018 · (updated December 21, 2024) · 6 min · Pradeep Loganathan

Threat Modeling

In a world increasingly reliant on digital infrastructure, security is no longer a static state but a continuous process. Reactive security is a gamble no organization can afford. Proactive defense is paramount, and threat modeling stands as a crucial first line of defense. Threat modeling provides a structured approach to proactively identify and mitigate security risks. It’s about stepping into the mindset of an attacker, systematically examining your systems—whether a complex application, a sprawling network, or a cloud deployment—to pinpoint potential weaknesses. Threat modeling uncovers potential vulnerabilities, maps likely attack paths, and empowers teams to fortify their defenses preemptively. This process involves visualizing attack vectors, assessing potential impact, and prioritizing mitigation efforts. More than a mere checklist, it’s a dynamic process that blends analytical rigor with creative foresight, enabling you to anticipate and mitigate threats before they materialize. ...

August 21, 2017 · (updated December 21, 2024) · 9 min · Pradeep Loganathan

Cross origin resource sharing CORS

Cross-Origin Resource Sharing or CORS is a mechanism that enables a web browser to perform cross-domain requests. Cross-domain requests are HTTP requests for resources hosted on a different domain than the domain of the resource making the request.

July 10, 2017 · (updated December 21, 2024) · 7 min · Pradeep Loganathan

Richardson's Maturity Model

Richardson’s Maturity Model breaks down the journey towards building a truly RESTful API into levels, each adding more constraints and adhering more closely to REST principles.

October 21, 2016 · (updated December 21, 2024) · 3 min · Pradeep Loganathan

Rest API- Communicating with Verbs and status codes

REST APIs have a very rich vocabulary to communicate a variety of statuses and results. The verbs put, post, update, get and others are used to indicate the action that must be performed. The status codes indicate the result of the actions performed by the verbs.

September 20, 2016 · (updated December 21, 2024) · 12 min · Pradeep Loganathan