Sat through the OWASP Top 10 training this Thursday. What's sad is how little heart & soul today's devs put into their work. Simple, assumed items like security fail to make it in the apps they build simply b/c they are told to do it. When interviewing devs, understanding their development philosophies is critical to know the way they code. Without knowing their personal coding integrity, you're risking a lot. Thank you Troy Hunt for bringing more exposure to security and its importance.
Popular posts from this blog
Running a NodeJS / Express / PM2
PM2 basically daemonizes node express... and when new files are uploaded need to run "pm2 restart". A TeamCity plugin to ssh and run the above command is a must, and I can't seem to find one that exists. I wrote a simple PowerShell script to execute PLink (from Putty) but it will fail if the host thumbprint isn't already in the list of cached entries. Plink does provide means to enter the location of the private key file, but another/better solution should be used. Follow-up: The TeamCity plug-in "Deployment" or "Deployer" contains this SSH Exec build runner... and a few others on the team are using it in their own projects. It really is a time/life saver.
Off-loading steps from TeamCity to Octopus... aka: right tool for the job.
After almost daily use of Octopus, I'm finding it to be indispensable, but still nowhere near as mature as TCity. Paul and his team are very active on the project and I'm glad to have convinced our company to purchase the 60 nodes/$2k version of Octopus. One disappointment is that a Slack step keeps failing to use Slack's API, failing the deployment... causing my team to look not so good, at a critical time in the formation of it. Now, I had to change all Slack notifications to be sent from TeamCity. Really nbd... but still a PITA. Octopus is now executing PM2 Delete & Start on each deployment (vs. relying on the --watch switch)... this solves several problems for managing the app environment, but I still need to take it a step further by assuming nothing is installed on the Linux instance -- leads to SALT perhaps. The above addition allows for changes to be made on an environment agnostic l