I will be listing my articles about K8s best practices here, so we will have a one-stop place to access them all as I write more in the future.

More to follow :)…

I will be writing a few articles on microservices. However, I would like to highlight a few points on why we needed microservices and give a bit of their history.

To truly understand where microservices came from, we must first understand what came before them and why it did not work.

Microservices are a result of problems with two architecture paradigms.

  1. Monolith
  2. SOA (Service Oriented Architecture)


Standalone Monolith ;)

This is the original architecture, the ancestor of all other architectures we have today. A monolith is not necessarily a bad thing. Some scenarios are best suited to a monolithic architecture…

Here we talk about the production stage in software security and why it is such an important phase.

You might wonder why we have this phase at all, since the system is already in production.

The goal of the production phase is to make sure the system is still secure while in production. It is not enough that the system was secure when it went live; it should continue to be secure.

We should continue to be vigilant and look for new security related threats and potential attacks.

System security is an ongoing process that never ends. The system…

This is such an important phase in secure software development. We have to make sure that the system is really as secure as required. In other words, the goal of the testing stage is to verify that the system is really secure.

The system can be secured by its architecture, and of course we follow secure coding practices. But we have to verify that what we ended up with is really secure.

There are two types of testing that are security related and must be performed to ensure the system is secure.

  1. Penetration Testing
  2. Load Testing

Penetration Testing

This is a special type of testing…

This is the process of integrating security and privacy considerations into the development life-cycle. Everyone involved in the actual development participates in this process.

What is SDLC?

Here, SDLC stands for secure development life-cycle. Sometimes it is called SDL. We should not confuse this with the Software Development Lifecycle, which is a completely different thing.

SDLC is a methodology developed by Microsoft in 2002. It integrates security and privacy throughout all phases of the development process. Let's look at the origin of SDLC.

Year 2000

The internet was booming. Windows 2000 was released. The Windows XP Beta was released. One of the main design goals of the Windows…

This is about making sure we know what is going on with our application.

We should also get a notification when something suspicious happens, and we can collect data for future analysis of the system’s behavior.

Why do we need it?

This is a great way of detecting attacks, suspicious activities or anything similar. Logging and monitoring provide a holistic view of the system. They can warn us against:

  1. Data leak
  2. Data loss
  3. Data inconsistency
  4. Disruption of Service

Note that logging and monitoring do not protect against threats; they warn us about them. …

What is it?

This is about making sure the data is protected as much as possible. Note that this is about protecting data. In most cases there is no such thing as 100% secure data. We should always try our best, but we cannot assume we are fully protected.

Why do we need data security?

It is important to understand that data is the heart of the system. It is quite rare that hackers want to steal software code, especially in this open source era. They want to steal the data or tamper with it.

In this topic, we protect against:

  1. Data Leak
  2. Data loss
  3. Data inconsistency

How do we implement data security?

Basically, we have two methods.

What is it?

It is about the process and steps to make sure that the application’s code is secure.

We need to educate developers on the importance of secure coding.

We usually want to educate developers on the importance of secure coding. Developers often hate to do this because, as a developer, dealing with security is somewhat troublesome. Individually it is unrewarding and most of the time holds developers back in the race to the deadline.

It is important to educate developers on how to do it and why we need to do it.

Adopt secure coding practices

Over time, the dev team and the organization will generally become familiar with the threats and with secure coding. They…

With authorization we basically allow or deny things from performing an action or accessing data.

What exactly is authorization? It is the answer to the question “what can you do?” What this actually means is assigning privileges to things. When we say things, they can be humans, computers, software or anything else that should have privileges.

Let's look at some examples to make it clear.

We might grant someone the privilege to read data from the database, but deny him/her the privilege to delete data from the database.

We might allow an app to access the "add service request" operation, but deny it access to read all service requests.

As you can see with…

Ishan Liyanage

Passionate Technical Lead, Senior Software Developer and free and open source software advocate
