
Security

2026-01-19

When Docker first appeared, it was loved for the slogan: “Build once, run anywhere”. Developers stopped hearing the phrase “it works on my machine, but not on the server.” But along with convenience came a new threat.

A container is not just your application. It’s a whole mini-operating system (OS) with its own libraries, utilities, and system calls. And if you don’t look after that OS, you leave hackers with a huge door wide open.

2026-01-17

Imagine you are building a house. You designed the walls yourself, checked every brick, and made sure you didn’t leave the keys in the lock. But what if the concrete you bought from a third-party supplier starts crumbling over time? Or the finished window frames you installed have hidden defects?

In modern development the situation is exactly the same. The average application today is 80–90% made up of Open Source libraries. You write only a small portion of the code (the tip of the iceberg) that orchestrates a huge mass of someone else’s code hidden “under the water”.

2026-01-15

Have you ever wondered how experienced programmers find bugs in someone else’s code just by looking at it? They look for patterns. They know that if user data goes straight into an SQL query — that’s bad. If a password is compared with a plain == instead of a secure function — that’s a risk.

But a person can’t review 100,000 lines of code without missing something. This is where SAST (Static Application Security Testing) comes in.

2026-01-13

Imagine this scenario: you’ve been working on a cool project all night. By 4 a.m. everything is ready, you do a final git push and go to sleep with a clear conscience. In the morning you find your AWS balance is zero and a miner is running on your servers. What happened? It turns out you left a line in one of the files: AWS_ACCESS_KEY_ID = "AKIA...".

This is a classic mistake thousands of developers have made. In this article we’ll look at why “just deleting the password” won’t help and how to set up automatic protection that will physically prevent you from making the mistake.

2025-10-10

Thanks to Let’s Encrypt, HTTPS has become the standard for the entire internet. This project made it possible for any site administrator to get a free SSL certificate in just a few commands. But other players have appeared on the market, offering more convenience, integrations, and flexibility.

If you want to try something besides Let’s Encrypt, below is an overview of the most reliable and popular alternatives.


1. ZeroSSL — same automation, but with a friendly interface

ZeroSSL (Austria) is the main competitor to Let’s Encrypt. It is fully compatible with the same ACME protocol, but emphasizes convenience.
