Sat through the OWASP Top 10 training this Thursday. What's sad is how little heart & soul today's devs put into their work. Simple, assumed items like security fail to make it in the apps they build simply b/c they are told to do it. When interviewing devs, understanding their development philosophies is critical to know the way they code. Without knowing their personal coding integrity, you're risking a lot. Thank you Troy Hunt for bringing more exposure to security and its importance.
Showing posts from 2016
Off-loading steps from TeamCity to Octopus... aka: right tool for the job. After almost daily use of Octopus, I'm finding it to be indispensable, but still nowhere near as mature as TCity. Paul and his team are very active on the project and I'm glad to have convinced our company to purchase the 60 nodes/$2k version of Octopus. One disappointment is that a Slack step keeps failing to use Slack's API, failing the deployment... causing my team to look not so good, at a critical time in the formation of it. Now, I had to change all Slack notifications to be sent from TeamCity. Really nbd... but still a PITA. Octopus is now executing PM2 Delete & Start on each deployment (vs. relying on the --watch switch)... this solves several problems for managing the app environment, but I still need to take it a step further by assuming nothing is installed on the Linux instance -- leads to SALT perhaps. The above addition allows for changes to be made on an environment agnostic l
Recent changes to the project now have it completely running under Node/Express/PM2. Details of the change(s) should be posted on the project's WIKI, but I thought it important enough to share what I've learned. This link was very helpful to get started.

When adding the application to PM2, the following line is used to register/start the application (THIS ONLY NEEDS TO BE RUN ONCE. There is an entry in /etc/init.d that will run the PM2 Daemon on server startup):

pm2 start server/app.js -u app-www --watch --name app -- --app http://###################

Let's break it down (now):
"pm2" : The name of the cool Node Management platform that "on-the-fly" devotes resources to the given apps.
"start" : Creates a new application
"server/app.js" : The location of the main application .js
"-u app-www" : The user to run under. We don't want PM2 to run as ROOT for security purposes, especially on port 80 or 443.
"-