This is an external third-party advertising publication.
Read full article →What Challenges To Overcome with the Help of Automated e2e Testing?
Dangerous developments: An overview of vulnerabilities in coding services
Development and workflow management tools represent an entire class of programs whose vulnerabilities and misconfigs can turn into a real trouble for a company using such software. For a pentester, knowledge of these bugs is a way to successful exploitation; while for an admin, it’s a great opportunity to enhance the protection. This article discusses vulnerabilities discovered in Jira, Confluence, Asana, Docker, GitLab, and other similar products.
Read full article →The beginning of Nginx. Igor Sysoev tells the story of the renowned web server
On December 12, 2019, a surprise search was conducted in the Moscow office of Nginx, Inc. Igor Ippolitov, an engineer at Nginx, was the first to inform the public of it in his Twitter. The original tweet was removed shortly after the publication (Ippolitov was ‘kindly asked’ to do so), but other users have saved it and published photos of the search warrant.
Boost your Nmap! Empowering iconic network scanner with NSE scripts
Nmap is an iconic scanner broadly used by hackers, and many of them are wondering how to expand its capacity. In most cases, Nmap is used in combination with other software tools. In this article, I’ll explain how to use it together with your favorite utilities. After all, it is much easier to push a button and get the result rather then endlessly repeat the same sequence. Nmap scripts enable hackers to hack networks in a more automated way and help system administrators identify and eliminate built-in vulnerabilities in their protected perimeters.
Tempesta FW, a handfull firewall against DDoS attacks
Open source tools for protection against DDoS (IPS), such as, Snort, are based on DPI, that is, they analyze the entire protocol stack. However, they cannot control the opening and closing of TCP connections, since they are too high in the network stack of Linux and represent neither server nor client side. This allows to bypass IPS data. Proxy servers are also involved in establishing the connection, but they cannot protect against major DDoS attacks, because they are relatively slow, as they work based on the same principle as the server. For them, it is desirable to use the equipment which, despite being not as good as the one for the back end, can withstand heavy loads.
This is GameDev, baby! Interview with developers of World of Tanks
Facts
Philip Kucheryavy, Software Engineer in the Operations Team
- He is 24 and has a beard
- In love with Linux and Python
- Paranoiac
- Has no diploma of higher education
- http://github.com/Friz-zy
Using synctool for server configuration management
*nix systems are by default provided with remote management tools, while the method of storing and format of configuration files allows you to rapidly distribute the updated version of settings by simply copying them to the node. This scheme will be good enough for up to a certain number of systems. However, when there are several dozens of servers, they cannot be handled without a special tool. This is when it becomes interesting to have a look at configuration management systems that allow a programmable rather than manual configuration of servers. As a result, the systems can be configured quickly and with fewer errors while the administrator will get the comprehensive report. Also, a CM system knows how to keep track of all changes in the server while supporting the desired configuration.
