Monday, August 29, 2011

"DevOps with SecOps" ~ short intro to Security Implications in DevOps Process

This is a short introduction to the security implications of DevOps, a newly emerging and highly in-demand domain.


Currently, the major concern in the DevOps world is 'The Mantra of Automation' at the level of
+ System/Environments Provisioning
    (easy & fast using Cloud Support)
+ Idempotent Configuration
    (using Automated Configuration Services)
+ Logging & Analytics
    (using automated detailed logging and clever analysis)

This presentation just mentions the security considerations related to all these 3 DevOps processes...

+ Provisioning being affected by
 |=+ Non-Robust Cloud Frameworks,
 |=+ Vulnerable Service APIs, &
 |=+ Virtualization BreakOuts
 |
+ Configuration Management threatened by
 |=+ Non-Robust Services, &
 |=+ Non-preferred storage of sensitive
 |     configuration data
 |
+ Analytics
 |=+ Log Analysis frameworks have been
 |     attacked several times by poisoning
 |     the logs they receive, resulting in
 |     service-level attacks through
 |     non-sanitized input.
 |_

Thursday, August 11, 2011

howto check the safety of shortened URLs before opening them in your browser

Short URLs were in fashion a while back, and now they are a requirement.
No matter which social, professional or public web portal you browse, you get to see short URLs.

But short URLs from so many sources are not secure, as a carefully planted short URL can redirect (sometimes through a single redirection, sometimes through multiple) to an infected web portal.
So, all short links from non-reliable sources must first be traced back to the original links and only visited if they cross-check successfully.

So, how do you find out the actual portal to be visited without opening that URL in your browser and following it to its final location?

[] from your shell
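$ curl -s --head -L "http://short.en/url" | grep -i '^location:'
Put the short URL to be checked in place of "http://short.en/url" in the command above, and you will see the entire URL trace and the final URL to be visited. The -s option hides curl's progress meter, and grep -i is needed because servers may send the header name in lower case (HTTP/2 always does).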
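
The same check as a small script, added here as an example and not part of the original post: it numbers each redirect hop, marks hops that drop to plain HTTP, and names the host the chain ends on. The function names and the hosts short.example, tracker.example and landing.example are assumptions, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example: summarise the redirect chain printed by `curl -s --head -L`.
# All hosts (short.example, tracker.example, landing.example) are placeholders.

# parse_chain START_URL: read the header dump on stdin; print one line per
# redirect hop and a final line naming the host the chain ends on.
parse_chain() {
    tr -d '\r' | awk -v start="$1" '
        # Reduce a URL to its lower-cased host (scheme, path, userinfo removed).
        function hostof(u) {
            sub(/^[A-Za-z]+:\/\//, "", u); sub(/[\/?#].*$/, "", u)
            sub(/^.*@/, "", u); return tolower(u)
        }
        BEGIN { host = hostof(start) }
        # Every response in the dump begins with a status line.
        /^HTTP\// { status = $2; next }
        # Header names are case-insensitive; HTTP/2 sends them in lower case.
        tolower($1) == "location:" {
            hop++; flag = ""
            # A relative Location stays on the current host.
            if ($2 ~ /^[A-Za-z]+:\/\//) host = hostof($2)
            if (tolower($2) ~ /^http:\/\//) flag = " [plain-http]"
            printf "hop %d: %s -> %s%s\n", hop, status, $2, flag
        }
        END { printf "final: %s at %s after %d redirect(s)\n", status, host, hop }
    '
}

# trace_url URL: fetch headers only, with bounded redirects and time.
trace_url() {
    curl -s --head -L --max-redirs 10 --max-time 15 "$1" | parse_chain "$1"
}

# Constructed sample of what curl prints for a two-hop chain (CRLF endings).
sample_headers() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: http://tracker.example/c?id=1\r\n\r\n'
    printf 'HTTP/1.1 302 Found\r\nlocation: https://landing.example/promo\r\n\r\n'
    printf 'HTTP/2 200 \r\ncontent-type: text/html\r\n\r\n'
}

sample_headers | parse_chain "http://short.example/abc"
```

For a live check, call trace_url with the short URL instead of piping the sample.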
~~~~~~~~~~~~~~~~~~~~

[] from the web-app
Link: http://webhoudini.appspot.com/
At this portal, paste the link into the 'Short URL' text box and click the 'Unshorten' button to see the actual redirected URL.

~~~~~~~~~~~~~~~~~~~~