This is the story of an investigation that I was recently involved in at a client. It took over a week to resolve, involved networking acronyms that seemed to increase in length each day (MTU...ICMP...PMTUD?!), and wound up with us learning all about a rather scary-sounding concept: black-hole connections.
In part 1 of this tutorial, we briefly looked at the concept of canary deployments, and installed Jenkins and Prometheus on an EKS-based Kubernetes cluster. In this part, we will setup Spinnaker using AWS S3 as its backend. After enabling canary deployment functionality we'll set up a canary pipeline to test our basic service.
I was lucky enough to have the opportunity via Shine recently to attend the inaugural OWASP AppSec Day 2018 (Melbourne) at RMIT. Security professionals from around the globe gave some insightful talks into the state of secure application development in 2018. In this post I'll share you some of the key insights I gained from these talks.