My DevOps Story
I am Om Narayan graduate student at NYU majoring in Computer Science. I took this course to learn and practice DevOps software engineering culture by developing a project by exercising this culture. I hope to get acquainted with various tools used and their working which streamlines the operation of projects. I am curious to know about its evolution and reason behind it global acceptance in a diverse organization and. Its recently gained popularity has piqued my interest know how and why it has outscored and outperformed various traditional practices.
Moreover, I believe to expertise this practice by the end of this course which can make me professionally competent to stand out of crowd when I got out to a real-world.
This week work was to get acquainted with the tools like Docker used in Development and Testing purpose. I got a hands-on experience by installing Docker, running docker images inside a container and then building code inside it locally.
Week4 was more geared towards understanding the web-application from a security standpoint. We analyzed various upstream and downstream system and how they are connected and how they communicate. This helped in analyzing various attack surfaces of the system which was used to create threat-model.
We worked mostly to discover a way to attack the system. We went through various resources to gather information about tools which can help to automate the vulnerability discovery and a way to attack the system.
This week I worked on static code analysis of the application source code to check for vulnerability in source code. we will be updating team for the found vulnerability if any. This will help to mitigate vulnerability and potential attacks in early stage of development process.
This week work was mostly geared towards setting up envrionment for security testing of the web application. We were able to set up the ZMAP and point it to the web application.
This week we tested the vulnerability on the djanjo web application. We used automated tools ZAP which provided a comprehesnive report for potential vulnerability. This report will help developers to fix security bugs in the code.
This week we initiated the process of Network Penetration Testing to find the vulnerability. We are in reconnaissance phase for this week which essentially is building information about the Target in Scope.
This week is the second phase of Network Penetration Testing which is scanning to find any vulnerable port and services. We are also analyzing the network infrastructure of the system to find the topology and existence of NIDS/HIDS and firewalls. Our Next week target is to exploit any vulnerability if it is found.
We performed the scanning the application server to find any vulnerable port and services. We found mostly benign and legitimate services running on the server. We also checked for the presence or absence of firewall and we found there was one.
We perfomed scanning on the web server. We did not find any vulnerability, server is running only the required services. We also conluded that there are firewalls placed and the servers are secured.
This week task was to perfom analysis of various attack vectors in cloud envionment. We checked the configuration parameter of cloud infrastrcture hosting the static web application, sql server instance on cloud. We will be doing security testing on the cloud for the next week.
I spent more time this week in updating book review since. We had few findings during our security testing of clud and we communicated that to concerned team. I also went through some of the certification which should be completed for a cloud based security engineer.