The Weekly Dev - 202213
Running your code, secure and at scale
It takes a lot of work to build code that is theoretically able to scale globally, and apparently much less to take it down if you're not up to date with the latest threats and related mitigations, if only from a technical point of view.
That is - of course - only part of the story, but one we're deeply in.
API development
A funny story in its own right:
CORS is not meant to secure an API endpoint
Source: nikofischer.com
"A microservice application with an uptime percentage of 99.9% can be considered highly available, but a downtime of 0.1% quickly becomes pronounced as volumes increase. Per 1000 requests, there might be only one failure, but per million requests? That’s 1000 failures."
How to Design Reliable Microservices
Source: levelup.gitconnected.com
Data-Intensive Systems
"It shares some of the same goals of programs like launchd, daemontools, and runit. Unlike some of these programs, it is not meant to be run as a substitute for init as “process id 1”. Instead it is meant to be used to control processes related to a project or a customer, and is meant to start like any other program at boot time."
Supervisor: A Process Control System
Source: supervisord.org
Approaches to Migrate SQL Applications to Apache Cassandra
Source: thenewstack.io
Boring Security
Some useful information about Security Headers in your web application.
Source: securityheaders.com
Mostly in line with the information on the OWASP website: OWASP Secure Headers Project
Source: owasp.org
This project is also very valuable if you want to check the headers yourself on the command line:
Source: github.com/riramar
[api] [security] [git] [cassandra]