Trickest, Inc.’s Post

I love that Dependabot automagically lets me know there are vulnerabilities in libraries i’m using. Where tooling like this falls down is the complete lack of context about the program I've built. rexml is a dependency of jekyll, a static site generator. I run jekyll locally on my machine, and it generates static HTML files I copy to a server. There isn’t an exploit of interest here. Even if there magically was, the impact isn’t particularly exciting: a DoS when regenerating my D&D blog. I would forgive someone for tuning out the messages from Dependabot, because the serious can end up mixed together with the so-so. You have a similar issue with the results from code scanners. It’s easy for those tools to misunderstand the impact of what you’ve written. Certainly every interaction I’ve had with them has involved looking at their output to first figure out what’s a legit finding. I am sure many developers have had to fix non-issues to placate 3rd parties who treat the output of these tools as sacrosanct. I have no pithy conclusion to this post: doing application security well is difficult.

Optimize your docker image by 90% not just in size but also in security. 1. 𝗨𝘀𝗲 𝗠𝘂𝗹𝘁𝗶-𝗦𝘁𝗮𝗴𝗲 𝗯𝘂𝗶𝗹𝗱𝘀. Stage 1 will build an artifact consisting of all the required libraries & dependencies. Stage 2 will use a slim/scratch base image and copy only the artifact from Stage 1 resulting in up to 95% less image size. 2. 𝗣𝗶𝗰𝗸 𝘀𝗹𝗶𝗺 𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝗱 𝗯𝗮𝘀𝗲 𝗶𝗺𝗮𝗴𝗲𝘀. Slim images don’t have any unnecessary components like shell utilities, libraries, or metadata. It will reduce the size and the attack surface area. 3. 𝗕𝗲𝗻𝗲𝗳𝗶𝘁 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗟𝗮𝘆𝗲𝗿 𝗖𝗮𝗰𝗵𝗶𝗻𝗴. Always order the instructions from least changing to most changing i.e. use COPY instruction much later in the Dockerfile. 4. 𝗨𝘀𝗲 𝗹𝗲𝘀𝘀 𝗹𝗮𝘆𝗲𝗿𝘀. Commands like RUN COPY ADD create layers. Fewer layers = Small Size = Faster Build Times. 5. 𝗡𝗲𝘃𝗲𝗿 𝗿𝘂𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗮𝘀 𝘁𝗵𝗲 𝗿𝗼𝗼𝘁 𝘂𝘀𝗲𝗿. By default, every image runs with root privileges, so make sure you run the image as a non-pseudo user[may break your application, some processes need root privileges] 6. 𝗦𝗰𝗮𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗳𝗼𝗿 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 using tools like Trivy & Scout. Avoid CRITICAL and HIGH vulnerabilities. Tip: To see individual layers of an image use tools like Dive.

A multistage Dockerfile enhances efficiency and reduces the size of the final Docker image by using multiple build stages within a single file. Each stage has its own set of dependencies, ensuring that unnecessary files or packages are excluded from the final image. This method significantly minimizes the image size.

🚀 Multi-Stage Docker Builds: A Game Changer 🐳 In the world of containerization, Multi-Stage Docker Builds are truly a game changer. They allow you to streamline your Docker images, keeping them lightweight, efficient, and secure. By splitting the build process into multiple stages, you only retain what's necessary for the final image, reducing bloat and improving performance. The benefits: ⬇️ Smaller images – Say goodbye to hefty images! ⚡ Faster deployments – Efficient images lead to quicker deploys. 🔒 Better security – Minimizes unnecessary software and vulnerabilities. If you're not using them yet, it's time to give them a try! #docker #devops #containers #softwaredevelopment #efficiency #devopstools

Optimise your docker image by 90% not just in size but also in security. 1. 𝗨𝘀𝗲 𝗠𝘂𝗹𝘁𝗶-𝗦𝘁𝗮𝗴𝗲 𝗯𝘂𝗶𝗹𝗱𝘀. Stage 1 will build an artifact consisting of all the required libraries & dependencies. Stage 2 will use a slim/scratch base image and copy only the artifact from Stage 1 resulting in up to 95% less image size. 2. 𝗣𝗶𝗰𝗸 𝘀𝗹𝗶𝗺 𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝗱 𝗯𝗮𝘀𝗲 𝗶𝗺𝗮𝗴𝗲𝘀. Slim images don’t have any unnecessary components like shell utilities, libraries, or metadata. It will reduce the size and the attack surface area. 3. 𝗕𝗲𝗻𝗲𝗳𝗶𝘁 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗟𝗮𝘆𝗲𝗿 𝗖𝗮𝗰𝗵𝗶𝗻𝗴. Always order the instructions from least changing to most changing i.e. use COPY instruction much later in the Dockerfile. 4. 𝗨𝘀𝗲 𝗹𝗲𝘀𝘀 𝗹𝗮𝘆𝗲𝗿𝘀. Commands like RUN COPY ADD create layers. Fewer layers = Small Size = Faster Build Times. 5. 𝗡𝗲𝘃𝗲𝗿 𝗿𝘂𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗮𝘀 𝘁𝗵𝗲 𝗿𝗼𝗼𝘁 𝘂𝘀𝗲𝗿. By default, every image runs with root privileges, so make sure you run the image as a non-pseudo user[may break your application, some processes need root privileges] 6. 𝗦𝗰𝗮𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗳𝗼𝗿 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 using tools like Trivy & Scout. Avoid CRITICAL and HIGH vulnerabilities. Tip: To see individual layers of an image use tools like Dive.

Optimise your docker image by 90% not just in size but also in security. 1. 𝗨𝘀𝗲 𝗠𝘂𝗹𝘁𝗶-𝗦𝘁𝗮𝗴𝗲 𝗯𝘂𝗶𝗹𝗱𝘀. Stage 1 will build an artifact consisting of all the required libraries & dependencies. Stage 2 will use a slim/scratch base image and copy only the artifact from Stage 1 resulting in up to 95% less image size. 2. 𝗣𝗶𝗰𝗸 𝘀𝗹𝗶𝗺 𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝗱 𝗯𝗮𝘀𝗲 𝗶𝗺𝗮𝗴𝗲𝘀. Slim images don’t have any unnecessary components like shell utilities, libraries, or metadata. It will reduce the size and the attack surface area. 3. 𝗕𝗲𝗻𝗲𝗳𝗶𝘁 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗟𝗮𝘆𝗲𝗿 𝗖𝗮𝗰𝗵𝗶𝗻𝗴. Always order the instructions from least changing to most changing i.e. use COPY instruction much later in the Dockerfile. 4. 𝗨𝘀𝗲 𝗹𝗲𝘀𝘀 𝗹𝗮𝘆𝗲𝗿𝘀. Commands like RUN COPY ADD create layers. Fewer layers = Small Size = Faster Build Times. 5. 𝗡𝗲𝘃𝗲𝗿 𝗿𝘂𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗮𝘀 𝘁𝗵𝗲 𝗿𝗼𝗼𝘁 𝘂𝘀𝗲𝗿. By default, every image runs with root privileges, so make sure you run the image as a non-pseudo user[may break your application, some processes need root privileges] 6. 𝗦𝗰𝗮𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗳𝗼𝗿 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 using tools like Trivy & Scout. Avoid CRITICAL and HIGH vulnerabilities. Tip: To see individual layers of an image use tools like Dive.

Reducing the size of a Docker image is crucial and must be done carefully to avoid breaking the application. #dockerfile #dockerimage

Optimize your docker image by 90% not just in size but also in security. 1. 𝗨𝘀𝗲 𝗠𝘂𝗹𝘁𝗶-𝗦𝘁𝗮𝗴𝗲 𝗯𝘂𝗶𝗹𝗱𝘀. Stage 1 will build an artifact consisting of all the required libraries & dependencies. Stage 2 will use a slim/scratch base image and copy only the artifact from Stage 1 resulting in up to 95% less image size. 2. 𝗣𝗶𝗰𝗸 𝘀𝗹𝗶𝗺 𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝗱 𝗯𝗮𝘀𝗲 𝗶𝗺𝗮𝗴𝗲𝘀. Slim images don’t have any unnecessary components like shell utilities, libraries, or metadata. It will reduce the size and the attack surface area. 3. 𝗕𝗲𝗻𝗲𝗳𝗶𝘁 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗟𝗮𝘆𝗲𝗿 𝗖𝗮𝗰𝗵𝗶𝗻𝗴. Always order the instructions from least changing to most changing i.e. use COPY instruction much later in the Docker file. 4. 𝗨𝘀𝗲 𝗹𝗲𝘀𝘀 𝗹𝗮𝘆𝗲𝗿𝘀. Commands like RUN COPY ADD create layers. Fewer layers = Small Size = Faster Build Times. 5. 𝗡𝗲𝘃𝗲𝗿 𝗿𝘂𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗮𝘀 𝘁𝗵𝗲 𝗿𝗼𝗼𝘁 𝘂𝘀𝗲𝗿. By default, every image runs with root privileges, so make sure you run the image as a non-pseudo user[may break your application, some processes need root privileges] 6. 𝗦𝗰𝗮𝗻 𝗶𝗺𝗮𝗴𝗲𝘀 𝗳𝗼𝗿 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 using tools like Trivy & Scout. Avoid CRITICAL and HIGH vulnerabilities. Tip: To see individual layers of an image use tools like Dive.

🌟 Zircolite: Shining a Light on Modern Threat Detection 🌟 https://lnkd.in/dGxuwRkq 🚀 Why Zircolite? Think of Zircolite as your first responder in the world of Windows telemetry analysis. Without bulky infrastructure or complex deployments, Zircolite harnesses the power of Sigma rules to quickly identify anomalies and traces of adversarial activities. 💡 What Makes It Different? Simplicity Meets Power: Unlike heavyweight SIEM tools (doesn't mean you shouldn't adopt a SIEM tech) , Zircolite's focus on speed and precision makes threat-hunting accessible and efficient. Compatibility with Sigma: Use the collective power of community-driven threat intelligence by leveraging Sigma rules. Real-Time Visibility: Instant insights without the lag—essential for critical incident response windows.

easier when you know how to host webpage with a form that makes a request automatically. All you have to do is change the method to GET from POST.