No Image

NGINX Announces Eight Solutions that Let Developers Run Safely with Scissors

2020-09-16 KENNETH 0

NGINX Announces Eight Solutions that Let Developers Run Safely with Scissors Technology is hard. As technologists, I think we like it that way. It’s built‑in job security, right? Well, unfortunately, the modern application world has become unproductively hard. We need to make it easier. That’s why I like describing the current developer paradox as the need to run safely with scissors. NGINX Balances Developer Choice with Infrastructure Guardrails Running with scissors is a simple metaphor for what is the admittedly difficult ask we make of software engineers. Developers need to run. Time to market and feature velocity are critical to the success of digital businesses. As a result, we don’t want to encumber developers with processes or technology choices that slow them down. Instead we empower them to pick tools and stacks that let them deliver code to customers as [ more… ]

No Image

The Essence of Sprint is Speed

2020-09-16 KENNETH 0

The Essence of Sprint is Speed We’re living in interesting, albeit challenging, times. This year set a new standard for change that saw both our professional and personal lives transformed almost overnight. The global pandemic has fueled a radical departure from established initiatives, bringing the rate at which businesses are able to adapt and respond even more sharply into focus. The message is clear: Speed will be key for modern organizations that not only want to survive – but thrive – in the future. Digital Is Table Stakes – Speed Is the Differentiator At this point, it’s fair to say that every business is a digital business. Going digital is no longer an option, but a critical factor to meeting consumer expectations. But beyond simply delivering digital services and goods, companies have to ensure they give customers a great experience. Today’s consumers [ more… ]

No Image

Addressing a DoS Vulnerability (CVE-2020-15598) in ModSecurity

2020-09-15 KENNETH 0

Addressing a DoS Vulnerability (CVE-2020-15598) in ModSecurity On 14 September 2020, the OWASP ModSecurity Core Rule Set (CRS) team published details of a vulnerability in ModSecurity. The vulnerability has been assigned the identifier CVE-2020-15598, but details have not been published as of this writing. The nature of the issue is disputed by Trustwave, the maintainer of the ModSecurity project, who has proposed mitigations for the problematic behavior. The issue can affect the NGINX Plus ModSecurity module, which is based on the current ModSecurity 3.0.4 release. The NGINX team at F5 worked with the reporter and have validated and applied their recommended update to recent releases of the NGINX Plus ModSecurity module (for NGINX Plus R20, R21, and R22). For more details on the issue, please refer to the following resources: OWASP CRS team: CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH) Trustwave: ModSecurity, [ more… ]

Deploying Application Services in Kubernetes, Part 1

2020-09-09 KENNETH 0

Deploying Application Services in Kubernetes, Part 1 If we’ve observed just one change that has come with the growth of Kubernetes and cloud‑native architectures, it’s that DevOps teams and application owners are taking more direct control over how their applications are deployed, managed, and delivered. Modern applications benefit from an increasingly sophisticated set of supporting “application services” to ensure their successful operation in production. The separation between the application and its supporting services has become blurred, and DevOps engineers are discovering that they need to influence or own these services. Let’s look at a couple of specific examples: Canary and blue‑green deployments – DevOps teams are pushing applications into production, sometimes multiple times per day. They actively use the traffic‑steering capabilities of the load balancer or application delivery controller (ADC) to validate new application instances with small quantities of traffic before [ more… ]

Best Practices for Managing Internal APIs

2020-09-03 KENNETH 0

Best Practices for Managing Internal APIs Some consumer‑facing APIs are so widespread they’ve become household names – think Google Maps and Stripe – but internal APIs are the real powerhouse of the API economy. Internal APIs – by which we mean APIs exposed only to clients and developers within an organization – are a key pillar for an enterprise’s digital transformation efforts. Building internal APIs is usually the first step in the development of digital products and services. In fact, according to IDC’s recent survey, APIs – The Determining Agents Between Success or Failure of Digital Business, supporting internal integration of applications and products is one of the top priorities for API development initiatives in enterprises. Why are internal APIs important? What are the benefits of internal APIs? And crucially, what’s the most optimal architecture to manage them? This blog addresses these questions to help [ more… ]