Skip to content

NimTechnology

Trình bày các công nghệ CLOUD một cách dễ hiểu.

  • Kubernetes & Container
    • Docker
    • Kubernetes
      • Ingress
      • Pod
    • Helm Chart
    • OAuth2 Proxy
    • Isito-EnvoyFilter
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Vault
    • Longhorn – Storage
    • VictoriaMetrics
    • MetalLB
    • Kong Gateway
  • CI/CD
    • ArgoCD
    • ArgoWorkflows
    • Argo Events
    • Spinnaker
    • Jenkins
    • Harbor
    • TeamCity
    • Git
      • Bitbucket
  • Coding
    • DevSecOps
    • Terraform
      • GCP – Google Cloud
      • AWS – Amazon Web Service
      • Azure Cloud
    • Golang
    • Laravel
    • Python
    • Jquery & JavaScript
    • Selenium
  • Log, Monitor & Tracing
    • DataDog
    • Prometheus
    • Grafana
    • ELK
      • Kibana
      • Logstash
  • BareMetal
    • NextCloud
  • Toggle search form

Category: DevSecOps

[Vulnerability] CVE-2024-6387 – Critical vulnerability in OpenSSH

Posted on July 4, 2024July 11, 2024 By nim No Comments on [Vulnerability] CVE-2024-6387 – Critical vulnerability in OpenSSH
[Vulnerability] CVE-2024-6387 – Critical vulnerability in OpenSSH

CVE-2024-6387 is a critical vulnerability in OpenSSH that allows unauthenticated remote code execution, affecting millions of Linux systems. The flaw, named “regreSSHion,” is particularly dangerous because it can be exploited without authentication, making it a significant threat to affected systems.Affected Versions: 8.5p1 to 9.7p1. Stop and Remove Existing OpenSSH Service Install OpenSSH 9.8 Maybe you encounter…

Read More “[Vulnerability] CVE-2024-6387 – Critical vulnerability in OpenSSH” »

DevSecOps

[Security] Find vulnerabilities in your EC2 Linux instance

Posted on July 4, 2024July 4, 2024 By nim No Comments on [Security] Find vulnerabilities in your EC2 Linux instance
[Security] Find vulnerabilities in your EC2 Linux instance

To find vulnerabilities on your EC2 Linux instance, including ones related to OpenSSH and other software, you can use several open-source tools. Here are some recommended steps and tools: These tools will help you identify and mitigate vulnerabilities on your EC2 Linux instance. Be sure to regularly update these tools and your system to keep…

Read More “[Security] Find vulnerabilities in your EC2 Linux instance” »

DevSecOps

[Security] How to access S3 when you stay at any EC2!

Posted on June 26, 2024June 26, 2024 By nim No Comments on [Security] How to access S3 when you stay at any EC2!
[Security] How to access S3 when you stay at any EC2!

You already have limited access inside the AWS account with the credentials of a compromised IAM user. To find out the name of your IAM user, you have to execute aws iam get-user. There are 3 ways to give permissions to an IAM user: inline policies (aws iam list-user-policies), attached policies (aws iam list-attached-user-policies) and…

Read More “[Security] How to access S3 when you stay at any EC2!” »

DevSecOps

[DefectDojo] Vulnerability Management and Remediation by DefectDojo

Posted on December 24, 2023 By nim No Comments on [DefectDojo] Vulnerability Management and Remediation by DefectDojo
[DefectDojo] Vulnerability Management and Remediation by DefectDojo

Generate Security Scanning Reports Hiện theo cách đơn giản là bạn có rất nhiều tool scanning và bạn cần 1 nơi centralize report of the scanning tool Khi bạn sử dụng 1 tool scan thì bạn config sao cho tool scan will create a report file.Và chúng ta sẽ lưu file đó vào artifact của…

Read More “[DefectDojo] Vulnerability Management and Remediation by DefectDojo” »

DevSecOps

[Gitleaks/njsscan/semgrep] Secure Your code by CAST and SAST tools

Posted on November 27, 2023December 3, 2024 By nim No Comments on [Gitleaks/njsscan/semgrep] Secure Your code by CAST and SAST tools
[Gitleaks/njsscan/semgrep] Secure Your code by CAST and SAST tools

Look into CAST tool Ở đây mình sẽ dụng Docker để run gitleaks Bạn sẽ cần replace: ${path_to_host_folder_to_scan} đây là folder chứa code của bạn.Và tiếp theo là phần [COMMAND]: Và bên dưới là phần chúng ta scan, mình sử dụng command detect. nếu bạn muốn output hiện thị chi tiết hơn thêm –verbose Để…

Read More “[Gitleaks/njsscan/semgrep] Secure Your code by CAST and SAST tools” »

CI/CD, DevSecOps

How do companies ship code to production?

Posted on October 18, 2023 By nim No Comments on How do companies ship code to production?

Tham khảo link:https://blog.bytebytego.com/p/ep81-how-companies-ship-code-to-production?ref=dailydev Step 1: The process starts with a product owner creating user stories based on requirements. Step 2: The dev team picks up the user stories from the backlog and puts them into a sprint for a two-week dev cycle. Step 3: The developers commit source code into the code repository Git. Step…

Read More “How do companies ship code to production?” »

Coding, DevSecOps

[DevSecOps] Mutation testing

Posted on September 11, 2023 By nim No Comments on [DevSecOps] Mutation testing
[DevSecOps] Mutation testing

Look into Mutation testing. Mutation testing is a type of software testing where certain statements in the source code are changed (or “mutated”) to determine if the test cases can detect the changes. The idea is to ensure that the test suite is robust and can catch defects in the code. Here’s a basic overview…

Read More “[DevSecOps] Mutation testing” »

DevSecOps

[DevSecOps] Engines for Pentesters

Posted on September 2, 2023 By nim No Comments on [DevSecOps] Engines for Pentesters
[DevSecOps] Engines for Pentesters

“Which search engines do Pentesters use during the information gathering phase❓” Today I have a great resource suggestion where you can find the answer to this question❗️🌝 You should definitely add it to your bookmarks.🤞🏻🌸

DevSecOps

[DevSecOps] Use CrowdSec to detect the malicious behaviors in your system.

Posted on September 2, 2023 By nim No Comments on [DevSecOps] Use CrowdSec to detect the malicious behaviors in your system.
[DevSecOps] Use CrowdSec to detect the malicious behaviors in your system.

CrowdSec là một giải pháp mã nguồn mở được thiết kế để bảo vệ máy chủ và ứng dụng của bạn khỏi các cuộc tấn công độc hại. Nó hoạt động dựa trên cơ chế phát hiện và cấm IP dựa trên hành vi độc hại và sau đó chia sẻ các địa chỉ IP…

Read More “[DevSecOps] Use CrowdSec to detect the malicious behaviors in your system.” »

DevSecOps

[DevSecOps] Scan Terraform

Posted on July 27, 2023 By nim No Comments on [DevSecOps] Scan Terraform
[DevSecOps] Scan Terraform

Mình copy bài này:https://spacelift.io/blog/what-is-tfsec More and more organizations are adopting IaC to codify their infrastructure requirements and streamline the maintenance processes around it. While Terraform is one of the dominant technologies today in the space of Infrastructure as Code (IaC), there is still a lot of scope of improvement. One such opportunity is its SecOps…

Read More “[DevSecOps] Scan Terraform” »

DevSecOps, Terraform

Posts pagination

1 2 3 Next
Tham Gia Group DevOps nhé!
Để Nim có nhiều động lực ra nhiều bài viết.
Để nhận được những thông báo mới nhất.

Recent Posts

  • [WordPress] Hướng dấn gửi mail trên WordPress thông qua gmail. June 15, 2025
  • [Bitbucket] Git Clone/Pull/Push with Bitbucket through API Token. June 12, 2025
  • [Teamcity] How to transfer the value from pipeline A to pipeline B June 9, 2025
  • [Windows] Remove the process that consumes too much CPU. June 3, 2025
  • Deploying Web-Based File Managers: File Browser and KubeFileBrowser with Docker and Kubernetes June 3, 2025

Archives

  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021

Categories

  • BareMetal
    • NextCloud
  • CI/CD
    • Argo Events
    • ArgoCD
    • ArgoWorkflows
    • Git
      • Bitbucket
    • Harbor
    • Jenkins
    • Spinnaker
    • TeamCity
  • Coding
    • DevSecOps
    • Golang
    • Jquery & JavaScript
    • Laravel
    • NextJS 14 & ReactJS & Type Script
    • Python
    • Selenium
    • Terraform
      • AWS – Amazon Web Service
      • Azure Cloud
      • GCP – Google Cloud
  • Kubernetes & Container
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Docker
    • Helm Chart
    • Isito-EnvoyFilter
    • Kong Gateway
    • Kubernetes
      • Ingress
      • Pod
    • Longhorn – Storage
    • MetalLB
    • OAuth2 Proxy
    • Vault
    • VictoriaMetrics
  • Log, Monitor & Tracing
    • DataDog
    • ELK
      • Kibana
      • Logstash
    • Fluent
    • Grafana
    • Prometheus
  • Uncategorized
  • Admin

Copyright © 2025 NimTechnology.