
The Latest Maintenance Topics

Docker Use Cases: 15 Most Common Ways to Use Docker
Containerization technology can be adopted in all industries. Here are the top 15 ways to implement it using Docker.
November 26, 2022
by Alfonso Valdes
· 7,663 Views · 3 Likes
Kubernetes Autoscaling: How to Use the Kubernetes Autoscaler
This article will explain the different methods of Kubernetes Autoscaling and how it can be implemented.
November 25, 2022
by Alfonso Valdes
· 4,328 Views · 1 Like
Utilize These Detection-as-Code Best Practices
Does your security team have a modern approach to threat detection? Or are you still trying to keep pace using legacy systems of the past?
November 24, 2022
by Jack Naglieri
· 7,581 Views · 2 Likes
Why It’s Time to Shift Left Technical Debt
We need to talk about shifting tech debt left. Here’s how we can improve codebase health and push quality upstream by focusing on tech debt.
November 22, 2022
by Ruth Dillon-Mansfield
· 5,988 Views · 2 Likes
Write Your Kubernetes Infrastructure as Go Code - Combine CDK8s With AWS CDK
Learn how to write your Kubernetes infrastructure as Go code.
November 19, 2022
by Abhishek Gupta CORE
· 15,704 Views · 3 Likes
LocalStack in Action (Part 1)
Introducing you to LocalStack to help you learn how to run AWS applications or lambdas on your local machine without connecting to a remote cloud provider.
November 17, 2022
by Moaad Aassou
· 3,775 Views · 2 Likes
Reducing Kubernetes Costs With Autoscaling
Kubernetes comes with three built-in autoscaling mechanisms. Read how these mechanisms of autoscaling in Kubernetes can help to reduce your cloud bill.
November 9, 2022
by Ruchita Varma
· 5,161 Views · 3 Likes
Write Your Kubernetes Infrastructure as Go Code - Manage AWS Services
Deploy DynamoDB and a client app using cdk8s along with AWS Controller for Kubernetes.
November 3, 2022
by Abhishek Gupta CORE
· 11,987 Views · 2 Likes
Monoliths to Microservices: Untangling Your Spaghetti
Using AI and automation to refactor monolithic applications into microservices.
October 26, 2022
by Tom Smith CORE
· 5,844 Views · 2 Likes
Is Multi-Cloud Infrastructure the Future of Enterprises?
Why and how multi-cloud infrastructure benefits enterprises and is considered the future of enterprises.
October 26, 2022
by Heena Soni
· 5,891 Views · 3 Likes
How Disaster Recovery Solutions for Cloud Databases Have Evolved Over the Years
In this article, you’ll learn about the development of disaster recovery technologies and the databases that have adopted those innovations.
October 23, 2022
by Allen Gao
· 6,401 Views · 1 Like
What Is GitOps?
GitOps extends the functionality of IaC by allowing developers to declare every resource in Git and automatically maintain the desired state across the infrastructure.
October 23, 2022
by Alfonso Valdes
· 7,449 Views · 8 Likes
Balancing Technical Debt and Feature Development With Service Level Objectives
Eliminating tech debt is impossible, so learning the best way to manage it relative to new development is the right mindset. Learn more in this article.
October 19, 2022
by Kit Merker
· 5,146 Views · 2 Likes
Infrastructure as Code (IaC) for Java-Based Apps on Azure
A closer look at Java at Microsoft and Azure and what Microsoft can offer to modernize existing Java-based apps or bring new ones with the practice of IaC.
October 19, 2022
by Bobur Umurzokov
· 6,703 Views · 2 Likes
How To Create Asynchronous and Retryable Methods With Failover Support
Learn about a new framework that allows processing methods asynchronously with retries in case of failure and the support of load-balancing and failover.
October 18, 2022
by Mohammed ZAHID CORE
· 7,820 Views · 1 Like
Data Warehouse and Data Lake Modernization: From Legacy On-Premise to Cloud-Native Infrastructure
Learn how to build a modern data stack with cloud-native technologies, such as data warehouse, data lake, and data streaming, to solve business problems.
October 7, 2022
by Kai Wähner CORE
· 4,879 Views · 3 Likes
Technical Debt [Comic]
Don't ignore them.
October 5, 2022
by Daniel Stori CORE
· 5,833 Views · 2 Likes
Appsec and Technical Debt
Technical debt is a fact of life for anyone working in software development: work that needs to be done to make the system cleaner and simpler and cheaper to run over the long term, but that the business doesn't know about or doesn't see as a priority. This is because technical debt is mostly hidden from the people that use the system: the system works ok, even if there are shortcuts in design that make the system harder for developers to understand and change than it should be; or code that’s hard to read or that has been copied too many times; maybe some bugs that the customers don’t know about and that the development team is betting they won’t have to fix; and the platform has fallen behind on patches.

It’s the same for most application security vulnerabilities. The system runs fine, customers can’t see anything wrong, but there’s something missing or not-quite-right under the hood, and bad things might happen if these problems aren't taken care of in time.

Where does Technical Debt come from?

Technical debt is the accumulation of many decisions made over the life of a system. Martin Fowler has a nice 2x2 matrix that explains how these decisions add to a system’s debt load.

I think that this same matrix can be used to understand more about where application security problems come from, and how to deal with them.

Deliberate Decisions

Many appsec problems come from the top half of the quadrant, where people make deliberate, conscious decisions to shortcut security work when they are designing and developing software. This is where the “debt” metaphor properly applies, because someone is taking out a loan against the future, trading off time against cost – making a strategic decision to save time now, get the software out the door knowing that they have taken on risks and costs that will have to be repaid later.

This is the kind of decision that technology startups make all the time. Thinking Lean, it really doesn't matter if a system is secure if nobody ever uses it. So build out important features first and get customers using them, then take care of making sure everything’s secure later if the company lasts that long. Companies that do make it this far often end up in a vicious cycle of getting hacked, fixing vulnerabilities and getting hacked again until they rewrite a lot of the code and eventually change how they think about security and secure development.

Whether you are acting recklessly (top left) or prudently (top right) depends on whether you understand what your security and privacy obligations are, and understand what risks you are taking on by not meeting them. Are you considering security in requirements and in the design of the system and in how it’s built? Are you keeping track of the trade-offs that you are making? Do you know what it takes to build a secure system, and are you prepared to build more security in later, knowing how much this is going to cost? Unfortunately, when it comes to application security, many of these decisions are made irresponsibly.

But there are also situations when people don’t know enough about application security to make conscious trade-off decisions, even reckless decisions. They are in the bottom half of the quadrant, making mistakes and taking on significant risks without knowing it.

Inadvertent Mistakes

Many technical debt problems (and a lot of application security vulnerabilities) are the result of ignorance: from developers not understanding enough about the kind of system they are building or the language or platform that they are using or even the basics of making software to know if they are doing something wrong or if they aren't doing something that they should be doing. This is technical debt that is hidden even from people inside the team.

When it comes to appsec, there are too many simple things that too many developers still don’t know about, like how to write embedded SQL properly to protect an app from SQL Injection, or how important data input validation is and how to do it right, or even how to do something as simple as a Forgot Password function without messing it up and creating security holes. When they’re writing code badly without knowing it, they’re in the bottom left corner of the technical debt quadrant – reckless and ignorant.

But it’s also too easy for teams who are trying to be responsible (bottom right) to miss things or make bad mistakes, because they don’t understand the black magic of how to store passwords securely or because they don’t know about Content Security Policy protection against XSS in web apps, or how to use tokens to protect sessions against CSRF, or any of the many platform-specific and situation-specific security holes that they have to plug. Most developers won’t know about these problems unless they get training, or until they fail an audit or a pen test, or until the system gets hacked, or maybe they will never know about them, whether the system has been hacked or not.

Appsec Vulnerabilities as Debt

Thinking of application security vulnerabilities as debt offers some new insights, and a new vocabulary when talking with developers and managers who already understand the idea of technical debt. Chris Wysopal at Veracode has gone farther and created a sensible application security debt model that borrows from existing cost models for technical debt, calculating the cost of latent application security vulnerabilities based on risk factors: breach probability and potential breach cost.

Financial debt models like this are intended to help people (especially managers) understand the potential cost of technical debt or application security debt, and make them act more responsibly towards managing their debt. But unfortunately tracking debt costs hasn't helped the world’s major governments face up to their debt obligations and it doesn't seem to affect how most individuals manage their personal debt. And I don't think that this approach will create real change in how businesses think of application security debt or technical debt, or how much effort they will put into addressing it.

Too many people in too many organizations have become too accustomed to living with debt, and they have learned to accept it as part of how they work. Paying off debt can always be put off until later, even if later never comes. Adding appsec vulnerabilities to the existing debt that most managers and developers are already dealing with isn't going to get vulnerabilities taken care of faster, even vulnerabilities that have a high “interest cost”. We need a different way to convince managers and developers that application security needs to be taken seriously.
October 5, 2022
by Jim Bird
· 9,474 Views · 1 Like
3 Great Articles on Technical Debt
Some great links about technical debt:
  • Are bugs part of technical debt?
  • Technical Debt - from metaphor to theory and practice (presentation)
  • Special IEEE Explore issue on Technical Debt (Nov 2012)
Must read if you're passionate about quality and have seen or heard some of the issues mentioned in these materials.
October 4, 2022
by Rodrigo De Castro
· 7,454 Views · 1 Like
Data Quality Monitoring — You’re Doing It Wrong
Monitoring your “important” data only gets you so far. If you really want data quality coverage, it's time to go deep and broad with your data monitors.
October 3, 2022
by Lior Gavish
· 4,226 Views · 3 Likes