Sunday, April 24, 2016

OWASP Training @ PluralSight

Sat through the OWASP Top 10 training this Thursday. What's sad is how little heart & soul today's devs put into their work. Simple, assumed items like security fail to make it in the apps they build simply b/c they are told to do it.

When interviewing devs, understanding their development philosophies is critical to know the way they code. Without knowing their personal coding integrity, you're risking a lot.

Thank you Troy Hunt for bringing more exposure to security and its importance.

Further use of Octopus Deploy

Off-loading steps from TeamCity to Octopus... aka: right tool for the job.

After almost daily use of Octopus, I'm finding it to be indispensable, but still nowhere near as mature as TCity. Paul and his team are very active on the project and I'm glad to have convinced our company to purchase the 60 nodes/$2k version of Octopus.

One disappointment is that a Slack step keeps failing to use Slack's API, failing the deployment... causing my team to look not so good, at a critical time in the formation of it. Now, I had to change all Slack notifications to be sent from TeamCity. Really nbd... but still a PITA.

Octopus is now executing PM2 Delete & Start on each deployment (vs. relying on the --watch switch)... this solves several problems for managing the app environment, but I still need to take it a step further by assuming nothing is installed on the Linux instance -- leads to SALT perhaps.

The above addition allows for changes to be made on an environment agnostic level... the Octopus changes also updated to allow for dynamic args to be sent to "start" per environment -- which is great for the devs and testing.

One note: When using bash scripts, Octopus has a difficult time deciphering encrypted Octopus variables... but no trouble when transforming files (during deployment).