Phil (aka MP3Monster)'s Blog

~ from Technology to Music

Tag Archives: software

Security Vulnerabilities in Solution Deployment

04 Saturday Jan 2020

Posted by mp3monster in development, General, Technology

Tags

CNCF, deployment, Oracle, Owasp, Security, software, TUF, update framework, updating

To varying degrees, most techies are aware of the security vulnerabilities identified in the OWASP Top 10 (SQL injection, trying to homebrew identity management, etc.), although I still sometimes have conversations where I feel the need to get the yellow or red card out. The bottom line is that these risks are perhaps better appreciated because it is easier to understand external entities making direct attacks to disrupt systems or access information. But there are often subtler, and at least more costly to repair, attacks such as internal attacks and indirect attacks such as compromising software deployment mechanisms.

This latter attack is not a new risk; as you can see from the following links, it has been recognised by the security community for some time (you can find academic papers going back 10+ years looking at the security risks of Yum and RPM, for example).

  • Survivable Key Compromise in Software Update Systems
  • Consequences of Insecure Software Updates
  • Attacks on Package Manager
  • The Problem of Package Manager Trust

But software is becoming ever more pervasive, and we’re more aware than ever that keeping software at the latest releases means that known vulnerabilities are closed. As a result, we have seen a proliferation of mechanisms to recognise the need to update and to deploy updates. 10 years ago, update frameworks were typically small in number and linked to vendors who could, or had to, invest in making the mechanisms as secure as possible – think Microsoft, Red Hat. However, we have seen this proliferate: any browser worthy of attention has automated updating, let alone the wider software tools. As development has become more polyglot, every language has its central repos of framework libraries (Maven Central, npm, Chocolatey ….). Add to this the growth in multi-cloud and the emphasis on micro deployments to support microservices, and the deployment landscape gets larger and ever more complex, and therefore more vulnerable.

What to do?

Enterprise Architect Cloud

18 Thursday Dec 2014

Posted by mp3monster in General, Technology

Tags

Cloud, EA, EA Cloud, Enterprise Architect, modelling, software, Sparx, tool

With version 11 of Sparx’s Enterprise Architect tool a new cloud feature was introduced to support team working, which previously had been achieved using a shared database.

When we heard about EA Cloud, both my colleagues and I got rather excited, thinking that this would be the opportunity to offload the effort of looking after a central DB (making sure backups happened, fine tuning the DB settings and so on) plus maintaining the platform’s patching for security etc. Not only that, through the cloud capability we could host the repository in a way that made it very easy for the team to access the repository on the move without needing to have another hole in our corporate firewall etc.

Unfortunately, EA Cloud provides all the software to establish a cloud based repository – which can be used through firewalls etc., as it uses HTTPS traffic rather than DB connectors on unusual ports – but not the hosting. This seems to be a bit of a missed opportunity for Sparx, who already have to deal with all of these points to host 3 demo cloud servers. So the next step of instantiating a server for a regular ongoing fee doesn’t seem too challenging, not to mention that it promotes customer tie-in, plus the ability to capture some potentially interesting metrics about its users (e.g. which modelling techniques are most popular etc.). Having looked at Sparx partners, they don’t offer the capability either, which is a shame.

Oracle WebCenter Suite Structure Representation

23 Friday May 2014

Posted by mp3monster in Oracle, Technology

Tags

Oracle, OTN, product families, software, structure, Webcenter, Webcentre

When it comes to understanding the range of products and how product families fit together Oracle have created some helpful block diagrams, such as the one below.

SOA / AIA Structure

This is really helpful – particularly when trying to understand potential licensing relationships. However, there doesn’t appear to be an equivalent diagram for WebCenter (certainly not on OTN). So after a bit of navigating around OTN we have produced the following diagram:

WebCentre Suite Makeup

If you find it useful, help yourself but a nod would be appreciated.

eBook Library Organizes and Indexes Your Books

02 Wednesday Sep 2009

Posted by mp3monster in General

Tags

book, ebook, library, Lifehacker, software

I came across this – eBook Library Organizes and Indexes Your Books [Downloads] – which looks interesting. I have a growing collection of eBooks and PDF based articles – as most engineers do. The problem is quickly searching them for the information that is needed. So we’ll be giving this tool a try.

SOAPatterns Mind map

17 Monday Aug 2009

Posted by mp3monster in General, mindmap, Technology

Tags

Design, freemind, mindmap, Patterns, Service Orientated Architecture, SOA, software

My SOA Patterns mind map can be viewed in more detail here.

SOA Patterns

AJAX Resources

11 Tuesday Aug 2009

Posted by mp3monster in General

Tags

AJAX, development, software, Technology, UI, web

With web UIs getting more like thick applications as a result of the increasing adoption and sophistication of AJAX use, I came across a website that does a good job of pulling together AJAX lessons, examples and tips and tricks called www.ajaxlessons.com. It’s a link I’d recommend adding to any web developer’s list of dev resources.
