Category: devops

Learn Cybersecurity for FREE

SecDevOps: Protecting Terraform state file

Terraform is one of the most used tools to deploy Infrastructure as a Service or IaaS for short, but we have to manage it in a secure way. Some developers add the terraform state file terraform.tfstate into the repository to share it among developers easily, which turns out to be a very bad idea as…
Read more

Docker trick: How to stop and remove all current containers

For some system maintenance: Or to delete everything that is not being used:

How to deploy Docker images on Google Cloud Run

We can easily run dockerized apps on Google Cloud using still beta Google Cloud Run. One thing to keep in mind is to specify $PORT variable inside our Dockerfile, by default Cloud Run always uses PORT 8080, but for portability reasons we will specify it as a variable: So we can deploy and run the…
Read more

Simple and vulnerable NodeJS app prone to Cross-Site Scripting (XSS) deployment with Google Cloud App Engine

I wrote a little script in node.js for a hands-on lab to test Cross-Site Scriptings (XSS). You can download it from my github: https://github.com/defensahacker/nodexss To deploy in Google Cloud App Engine: To start the project from a local system: Now visit the vulnerable website: