Snyk is the platform developers choose to build cloud native applications securely.Secure all the components of the modern cloud native application in a single platform.

Snyk is an open source security platform designed to help software-driven businesses enhance developer security. Snyk’s dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes and fixes vulnerabilities and license violations in open source dependencies and container images.

Image for post
Image for post
snyk.io

List of Advantages of Snyk :

  1. Code Security : Find and fix vulnerabilities in your application code in real-time during the development process.


Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is installed by default in Kali Linux.

Image for post
Image for post

The tool is written in Java and developed by PortSwigger Web Security.

The tool has three editions:

  1. Community Edition

2. Professional Edition

3. Enterprise Edition

Pricing of the Editions :


Image for post
Image for post

Octopus Deploy is a single place for your team to manage releases, automate deployments, and automate the runbooks that keep your software operating.

Octopus Deploy is an automated deployment server that makes it easy to automate deployment of ASP.NET web applications, Java applications, NodeJS application and custom scripts to multiple environments.

Azure DevOps will be handle the build/CI automation part of the process and will work with Octopus Deploy to handle deployment orchestration. The Octopus setup contains a central deployment server, along with “Tentacle” agents that run on any target VMs where deployment will take place.

Octopus Deploy has two…


Image for post
Image for post

Appknox is the worlds most powerful plug and play security platform which helps Developers, Security Researchers and Enterprises to build a safe and secure mobile ecosystem using a system plus human approach to outsmart smartest hackers.

Appknox has the ability to perform automated app security testing for Android and iOS mobile apps through the Appknox Platform.

mDevSecOps: Get DevSecOps for Mobile Application Security.

True DAST and Server Side Testing: With our true DAST, run your app in real devices also perform API Testing.

Mobile VAPT in less than 90 mins: Slash mobile app security testing cycles by 75% using Appknox’s automated security solution. …


Azure virtual machine scale set agents, hereafter referred to as scale set agents, are a form of self-hosted agents that can be autoscaled to meet your demands. This elasticity reduces your need to run dedicated agents all the time. Unlike Microsoft-hosted agents, you have flexibility over the size and the image of machines on which agents run.

Create the scale set :

In preparation for creating scale set agents, we must first create a virtual machine scale set in the Azure portal.

We create the virtual machine scale set in a certain way so that Azure Pipelines can manage it, we must disable Azure’s autoscaling so that Azure Pipelines can determine how to perform scaling based on number of incoming pipeline jobs. …


This article provides instructions for running your Azure Pipelines agent in Docker. You can set up a self-hosted agent in Azure Pipelines to run inside a Windows Server Core (for Windows hosts), or Ubuntu container (for Linux hosts) with Docker. This is useful when you want to run agents with outer orchestration, such as Azure Container Instances. In this article, you’ll walk through a complete container example, including handling agent self-update.


Azure Application Insights Troubleshooting guides helps us to solve common problems with our application. we can customize and create new troubleshooting guides to help our team solve issues specific to our own applications.

Image for post
Image for post

To get started, choose a troubleshooting guide or template below. Or, choose ‘Open’ to open an existing troubleshooting guide.

  1. Login to https://portal.azure.com
  2. Create a sample webapp and Application Insights for the webapp
  3. Then do a basic deployment to the webapp and then we can start tracking the logs on the Application Insights.
  4. Then we need to go to Application insights and if we need to troubleshoot with this preview mode , click on the below option called as “Troubleshooting guides (preview)”. …

Azure DevOps extension for Azure Command Line Interface (CLI), we can manage many Azure DevOps Services from the command line. CLI commands and we can enable streamlining of our tasks with faster and flexible interactive canvas, bypassing user interface workflows.

The Azure DevOps Command Line Interface (CLI) is available for Azure DevOps Server 2020 and Azure DevOps Services.

Image for post
Image for post

We need to do the following to implement the Azure Devops CLI on our system.

  1. Install Azure CLI: Follow the instructions provided in Install the Azure CLI to set up your Azure CLI environment. At a minimum, your Azure CLI version must be 2.10.1. …


Azure DevOps Server (formerly Team Foundation Server (TFS) and Visual Studio Team System (VSTS)) is a Microsoft product that provides version control (either with Team Foundation Version Control (TFVC) or Git), reporting, requirements management, project management (for both agile software development and waterfall teams), automated builds, testing and release management capabilities.

Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle, and enables DevOps capabilities

Image for post
Image for post

Azure DevOps Server Installation Steps :

Share code, track work, and ship software using integrated software delivery tools, hosted on-premises

  1. Login to Azure portal (https://portal.azure.com). …


Azure Key Vault helps teams to securely store and manage sensitive information such as keys, passwords, certificates, etc.

It is a centralized storage which are safeguarded by industry-standard algorithms, key lengths, and even hardware security modules.

This prevents the disclosure of information through source code, a common mistake that many developers make.

Image for post
Image for post

Many developers leave confidential details such as database connection strings, passwords, private keys, etc., in their source code which when gained by malicious users can result in undesired consequences.

Access to a key vault requires proper authentication and authorization and with RBAC, teams can have even fine granular control who has what permissions over the sensitive data. …

About

Subramani Sundaram

Azure MCT | DevSecOps | Certified SRE | SAFe4 DevOps Practitioner | Azure 4x Certified | DevOps Institute Trainer | ITSM

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store