
Phil (aka MP3Monster)'s Blog

~ from Technology to Music


Monthly Archives: June 2019

Mastering Distributed Tracing – book review

29 Saturday Jun 2019

Posted by mp3monster in Books, FluentD, General, Technology


Tags

CNCF, Jaeger, monitoring, open tracing, Tracing

So recently we have been working on ‘knowing what I don’t know’ when it comes to Open Tracing and how such tech may intersect with traditional logging and the use of FluentD.

As part of that, I have read the Packt book Mastering Distributed Tracing, written by Yuri Shkuro, who has been key in the OpenTracing API and Jaeger and is the technical lead for Uber’s tracing team.

Whilst I have a good relationship with Packt, the fact they published the book is pretty much coincidental.

Understanding tracing over traditional logging is very important when moving into the world of microservices and reactive frameworks such as Node.js, where threads are picked up and put down and you don’t know where and when the next service in a solution will pick up the next related activity. Add to this that solutions are more polyglot than ever – not only in the sense of the different languages that may be used but also a more diverse source of middle features, e.g. historically you’d probably use JMS-based messaging if you’re a Java developer and MSMQ for .NET. Now you may be using AWS SNS as easily as Kafka. This means the mechanisms for passing and tracing events through these services need to be more unifying than ever.

Complexity of Observability


Popping Up on the Net and more

28 Friday Jun 2019

Posted by mp3monster in APIs & microservices, Books, Dev Meetup, development, General, Oracle, Packt, Technology


Tags

API, blog, books, developer, interview, meetup, Oracle

It’s been a quiet month for this blog, but I’ve been pretty busy with a raft of other activities…

  • a recent article on our sister site – oracle-integration.cloud on RPA.
  • I also appear in an interview with K21 Academy here.
  • Reviewing a new book on Enterprise API Management for Packt which we would very highly recommend if you want to understand the more Enterprise perspectives of adopting APIs, particularly if you’re considering APIs as a potential new revenue stream.
  • UK Oracle User Group committees for TechFest (having been reviewing the paper submissions it looks like it’s going to be an excellent conference in December) and Southern Summit (next week).
  • Just launched a number of sessions for the Oracle London Developer Meetup, with another to be announced soon (Blockchain) and potentially two more before the end of the year (we’re working on the speakers now).

API Security

01 Saturday Jun 2019

Posted by mp3monster in API Platform CS, APIs & microservices, General, Oracle, Technology


Tags

API, API Platform, api Security.io, Owasp, pen testing, SANS, Security

I’ve started to subscribe to the APISecurity.io newsletter. The newsletter includes analysis of recent API-based security breaches along with other useful API-related news. Some of the details of the breaches make for interesting reading and provide some good examples of what not to do. It is rather surprising how regularly good practices are not applied, including:

  • Checking the payload is valid to the definition,
  • Checking the payload size to ensure it is in the expected bounds,
  • Using strong typing on the content received, which will help validate the content and limit the chances of poisonous content like injected SQL,
  • Ensuring the API has mitigations against the classic OWASP Top 10 – SQL injection, poor authentication implementation.
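
The first three checks in the list above, plus a parameterised query as the SQL injection mitigation, as an added example that is not from the original post. The order definition, field names, limits and `orders` table are assumptions made up for illustration.

```python
import json
import sqlite3

MAX_BODY_BYTES = 1024  # constructed bound for this example
# Hypothetical API definition: field -> (exact type, constraint check)
ORDER_DEFINITION = {
    "customer_id": (int, lambda v: 0 < v < 10**9),
    "sku": (str, lambda v: 1 <= len(v) <= 32 and v.isalnum()),
    "quantity": (int, lambda v: 1 <= v <= 100),
}

class PayloadRejected(ValueError):
    """Raised when a request body fails any check."""

def validate_order(raw: bytes) -> dict:
    # 1. Size bound, enforced before any parsing work is done.
    if len(raw) > MAX_BODY_BYTES:
        raise PayloadRejected("payload too large")
    try:
        doc = json.loads(raw)
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError):
        raise PayloadRejected("not valid JSON") from None
    # 2. Valid to the definition: exactly the declared fields, no extras.
    if not isinstance(doc, dict) or set(doc) != set(ORDER_DEFINITION):
        raise PayloadRejected("fields do not match definition")
    # 3. Strong typing: exact type match, so true is not accepted as an int.
    for name, (ftype, in_range) in ORDER_DEFINITION.items():
        value = doc[name]
        if type(value) is not ftype or not in_range(value):
            raise PayloadRejected(f"bad value for {name}")
    return doc

def store_order(conn: sqlite3.Connection, order: dict) -> None:
    # 4. Parameterised query: values are bound, never concatenated into SQL.
    conn.execute(
        "INSERT INTO orders (customer_id, sku, quantity) VALUES (?, ?, ?)",
        (order["customer_id"], order["sku"], order["quantity"]),
    )

def check(raw: bytes) -> str:
    """Return 'accepted' or the rejection reason for a raw request body."""
    try:
        validate_order(raw)
        return "accepted"
    except PayloadRejected as exc:
        return str(exc)
```

The size check runs first so that an oversized body is rejected before the parser spends any effort on it.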

More broadly, we see that people recognise the need for penetration testing and look to external organisations to perform it. When such work is commissioned, what the pen tester does is not understood by those commissioning the tests (SANS paper of security scoping), so they do not know whether all the risks are checked. Add to that the temptation to keep such costs down, which results in the service provider not necessarily probing your APIs to the fullest extent. Not all penetration test services are equal, so simply working to a budget isn’t wise. Yes, there is a need for pragmatism, but only when you understand the cost/risk trade-off.

But also remember that application logic, API definitions and the security controls in place change over time, as does the discovery of new vulnerabilities on the stack you’re using, along with evolving compliance requirements. All of this means that a penetration test at the initial go-live is not enough; testing should be an inherent part of an API’s lifecycle.

When it comes to payload checks etc., products like Oracle’s API Platform make it easy to realise, or provide out of the box, checks for factors such as size limits and payload checks, so it is better to use them.

If you ever need to be reminded of why best practices are needed and should be implemented: a mindset of when, not if, a breach will happen will ensure you’re prepared and the teams are motivated to put the good practices in.
