Infrastructure_as_Code_Patterns_and_Practices_With_examples_in_Python.pdf
12.8 MB
#testing
What should you learn to become a Quality Engineer? What languages should you pick up, what tools should you master, what skills should you practice? If someone was interested in this career, where would you tell them to start—what’s critical, what’s nice-to-have, and what is yesterday’s technology that is no longer relevant?
https://medium.com/slalom-build/quality-engineer-learning-roadmap-fddfcb77409e
What should you learn to become a Quality Engineer? What languages should you pick up, what tools should you master, what skills should you practice? If someone was interested in this career, where would you tell them to start—what’s critical, what’s nice-to-have, and what is yesterday’s technology that is no longer relevant?
https://medium.com/slalom-build/quality-engineer-learning-roadmap-fddfcb77409e
Medium
Quality Engineer Learning Roadmap
A beginner’s guide to the skills, tools, and technologies you need for a career as a Quality Engineer or SDET
👏1
#conference
EngX Community Day 2022 starting soon:
https://www.linkedin.com/events/engxcommunityday20226985509719029252096
Register and watch here:
https://wearecommunity.io/events/engx-community-day-2022
EngX Community Day 2022 starting soon:
https://www.linkedin.com/events/engxcommunityday20226985509719029252096
Register and watch here:
https://wearecommunity.io/events/engx-community-day-2022
Linkedin
EngX Community Day 2022 | LinkedIn
Hey EngXers!
Engineering Excellence (EngX) is your superpower!
EngX Community is organizing the second annual EngX Day Conference 2022, so you could get unique knowledge and broaden your awareness of engineering practices of latest trends, hands-on educational…
Engineering Excellence (EngX) is your superpower!
EngX Community is organizing the second annual EngX Day Conference 2022, so you could get unique knowledge and broaden your awareness of engineering practices of latest trends, hands-on educational…
Forwarded from Два огнеметчика и собака
- So, can you switch your logs to just go to stdout instead of file?
- Yeah, sure. So, orchestrator will pick them up?
- Right.
- And redirect them where?
- File.
- Yeah, sure. So, orchestrator will pick them up?
- Right.
- And redirect them where?
- File.
🔥1
Zero-Trust-K8s.pdf
599.7 KB
How the Zero Trust model improves the #security posture of #k8s infrastructure and prevents security incidents from damaging organization.
Find out:
* The key concepts and principles of the Zero Trust security model
* How Zero Trust improves the security posture
* The technical requirements for Zero Trust in Kubernetes
* How to apply Zero Trust best practices in Kubernetes environment
Find out:
* The key concepts and principles of the Zero Trust security model
* How Zero Trust improves the security posture
* The technical requirements for Zero Trust in Kubernetes
* How to apply Zero Trust best practices in Kubernetes environment
#security
Q: I am looking for some benchmarking/overview/comparison for SAST Tools to help to the customer with the selection. Maybe somebody has something like that? It must not be fancy. Even your personal opinion is appreciated here.
Right now I am preferring to have 2x tools witched in the pipeline one after the other:
* SonarQube/SonarCloud
* Snyk
Thanks a lot for every hint in advance!
A1: Personally I prefer SonarQube for it's easiness of use and configuration and plethora of plugins.
But SNYK would add you also DAST capabilities - so, maybe it should be your tool of a choice, as it effectively replaces 2 tools
A2: As a good starting point I'll recommend to read the following pages:
1. https://owasp.org/www-project-benchmark/
2. https://owasp.org/www-community/Source_Code_Analysis_Tools
3. https://www.nist.gov/itl/ssd/software-quality-group/samate/static-analysis-tool-exposition-sate
4. https://www.gartner.com/reviews/market/application-security-testing
Q: I am looking for some benchmarking/overview/comparison for SAST Tools to help to the customer with the selection. Maybe somebody has something like that? It must not be fancy. Even your personal opinion is appreciated here.
Right now I am preferring to have 2x tools witched in the pipeline one after the other:
* SonarQube/SonarCloud
* Snyk
Thanks a lot for every hint in advance!
A1: Personally I prefer SonarQube for it's easiness of use and configuration and plethora of plugins.
But SNYK would add you also DAST capabilities - so, maybe it should be your tool of a choice, as it effectively replaces 2 tools
A2: As a good starting point I'll recommend to read the following pages:
1. https://owasp.org/www-project-benchmark/
2. https://owasp.org/www-community/Source_Code_Analysis_Tools
3. https://www.nist.gov/itl/ssd/software-quality-group/samate/static-analysis-tool-exposition-sate
4. https://www.gartner.com/reviews/market/application-security-testing
owasp.org
OWASP Benchmark | OWASP Foundation
The OWASP Benchmark Project contains language specific test suites designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools.
👍1