Santa Clara, Calif., February 16, 2021 — In the most recent acquisition for the company, DoiT International (DoiT), a global multi-cloud software and managed service provider with deep expertise in Kubernetes, Machine Learning, and Big Data, today announced that it has acquired ProdOps, a top provider of scalable software operations and infrastructure automation services. The acquisition combines two engineering-focused companies to meet growing demand for operational agility and enhances DoiT’s already robust cloud managed services, proprietary cloud management platform, consulting, training, and support capabilities.

Leaders seeking innovation through technology solutions are jumping to the public cloud. And with this trend…


TL;DR

A HIPAA-compliant architecture can be deployed simply by using the AWS boilerplate. This post covers some background on both the business and technical aspects. The following is a breakdown of the components delivered by AWS. If you’re familiar with these, you may find more interest in part two, which goes into depth on certain areas where the boilerplate falls short, as well as some applicable suggestions to improve them.

HIPAA

The Health Insurance Portability and Accountability Act is a set of five titles. Set by the Clinton administration back in 1996, it deals with all aspects of healthcare, from insurance to tax…


Cross-Site Request Forgery attack and mitigations explained

Originally published at https://omerxx.com/csrf-attacks

“CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. With a little help of social engineering (such as sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker’s choosing.”

- DVWA

TL;DR: CSRF is as easy to attack as it is easy to protect from! There’s no reason any web-facing application should not implement the relevant protection. Lots of known frameworks have it built in as a feature or an opt-in…


The basics of how to test and protect your application

Photo by Sara Bakhshi on Unsplash

Originally published at https://omerxx.com/sql-injection-intro

SQL Injection (SQLi) accounted for more than 72% of all attacks when looking at all verticals during the (2018–2019) period.
- State of the internet 2019, Akamai

The quote above says it all. If there’s one attack vector to get familiar with as a web developer, it’s injection, and this one in particular. On the OWASP Top 10 list, injections are ranked first, with SQL starring high. The infamous SQLi is very common, easy to automate and can cause a lot of irreparable damage.

This post is a personal attempt at getting to the bottom of…


“Git for Windows provides a BASH emulation used to run Git from the command line.

*NIX users should feel right at home, as the BASH emulation behaves just like the “git” command in LINUX and UNIX environments.”
Git For Windows

“.. Linux users should feel right at home..” — Running git commands is quite straightforward, but what about running 3rd-party Windows binaries, and making them available in Windows Git Bash?

To make sure we’re on the same page — when I refer to binary files, I mean Windows executable (*.exe) files.

A possible solution to that is adding the…


As promised in my last article, Terraform AWS — Dynamic Subnets, today you’re going to learn how to manage Workspaces in Terraform, which are simply used for segregating your development environments (dev, qa, stage, prod) while sharing the same infrastructure between them. We will also take advantage of the free Terraform Cloud service to store the state file (tfstate) remotely.

Objectives

  1. Share the same infrastructure as code (IaC) in multiple environments (Workspaces)
  2. Store the tfstate file remotely to allow colleagues to manage the infrastructure you’re working on

Knowledge and assumptions

  1. You read my Terraform AWS — Dynamic Subnets tutorial which covers most of the…


Update 17-Oct changelog: Terraform released a new function named cidrsubnets, this function creates a list of cidr-subnets. This function is great, and I recommend using it. Even though this function shortens some parts of this tutorial, you should still read it if you want to learn how to use functions in Terraform.

Objectives

  1. Create sets of subnets dynamically
  2. Learn advanced concepts in Terraform
    a. map variable and lookup function
    b. for loop and conditional for loop
    c. index function in a for loop

Knowledge and assumptions

  1. You are familiar with subnetting (a.b.c.d/xx) - a great online tool for calculating subnets - cidr.xyz
  2. You…


Not surprising that even in 2019, there are still people in IT who think that a single server’s utilization should be a significant measurement, completely forgetting the importance of holistically looking at the system as a whole. This post explains the Systems Thinking way to think about IT, with a pinch of Theory of Constraints understanding of “buffers” added in.

The story begins with a recent question in our Operation Israel community:

Policy makers in government want to see proven benchmarks comparing open-source (LAMP, Kubernetes) server utilization vs. classic Microsoft Windows based servers (IIS, SQLServer).

Are there any documents, posts…


“Too much freedom undercuts freedom” — William Raspberry

It is no secret that Continuous Integration and, in most cases, Continuous Delivery too (CI/CD for short) are among the most sought-after development practices among technology-related companies nowadays.

These practices, provided they are applied correctly, are said to improve software development efficiency. This, in turn, leads to faster development time and fewer integration issues compared to integrating once, and assists in the prevention of a well-known phenomenon called “Integration hell”.

One of the many challenges in implementing this practice, which we will discuss in great detail in this post, is its starting point.

There is a variety of products to…


An opinionated guide

Lessons from 3 years of intensive learning

TL;DR
Using Vim is by far the most productiveness-enhancing, enjoyable and rewarding tool you’ll ever adopt. This post was an idea I had for a long time; there are literally endless pieces of information about Vim out there, and every time I started writing I thought I was just adding to the chaos. I feel it became too important to ignore, too much of a productivity change, and probably the best tool I have ever decided to take upon learning, and so I’m sharing my process. This is an opinionated post about how I think anyone should start. …

ProdOpsIO

Fusion of Engineering and Operations
