Search results for java runtime latest version: 1 - 40 of 96

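  • 26 AWS Security Best Practices to Adopt in Production

    This article is a Japanese translation and adaptation of the blog post published by Alejandro Villanueva on November 25, 2024 (https://sysdig.com/blog/26-aws-security-best-practices/). Security is a fundamental pillar of the AWS Foundational Security Best Practices. To minimize security risks and protect your environment, it is essential to follow AWS security best practices, organized by service. This structured approach helps proactively address potential vulnerabilities and maintain a robust and secure cloud architecture. AWS IAM (1) IAM policies should not allow full "*" administrative privileges (2) IAM users should not have IAM policies attached (3) I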
  • Serverless Security Risks - Vulnerability Attacks and Countermeasures in AWS Lambda - GMO Flatt Security Blog

    Introduction Hello, I am Morioka (@scgajge12), a security engineer at Flatt Security Inc. This article explains the vulnerability attacks and risks that can occur in AWS Lambda and the security measures against them, and introduces security risks in serverless. Introduction About AWS Lambda Security risks in serverless Vulnerability attacks that can occur in AWS Lambda Risks from vulnerability attacks on Lambda Further risks from vulnerability attacks OS Command Injection XML External Entity (XXE) Insecure Deserialization Server Side Request Forgery (SSRF) Remote Code Execution (RCE) Security measures in AWS Lambda Security
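  • [2020] Summary of Attack Techniques in CTF Web Challenges - こんとろーるしーこんとろーるぶい

    Introduction Target events How to read and use this Remote Code Execution (RCE) Bypassing open_basedir by specifying the parent directory Bypassing open_basedir and disable_functions via a TCP socket connection to PHP-FPM Running a shell with Java's Runtime.exec Cross-Site Scripting (XSS) Disabling the CSP header when the HTTP status code can be controlled in an nginx environment XSS vulnerability in the Google Closure Library sanitizer Registering a Service Worker via a web proxy feature XSS without parentheses Specifying the destination URL without using the / character Executing document.write sequentially using SOME (Same Origin Method Execution) SQL Injection MySQ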
  • GitHub - modelcontextprotocol/servers: Model Context Protocol Servers

    Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
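  • [Update] AWS Lambda now supports streaming responses | DevelopersIO

    Introduction With yesterday's update, AWS Lambda can now return its execution result as a gradual, streaming response instead of a single response. The title is slightly tricky to render in Japanese, so I may adjust it a little depending on how the official translation turns out. With the previous approach, Lambda as a feature could not return a value until processing completed, and when such a capability was needed users had to implement another mechanism such as WebSocket themselves. This update adds support for returning data in Transfer-Encoding: chunked form, so values can be returned gradually within the HTTP/1.1 specification. In addition, with this method the response size limit is 20MB rather than the previous 6MB, so it appears larger responses can be returned. Configuring a Lambda funct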
  • How modern browsers work

    Note: For those eager to dive deep into how browsers work, an excellent resource is Browser Engineering by Pavel Panchekha and Chris Harrelson (available at browser.engineering). Please do check it out. This article is an overview of how browsers work. Web developers often treat the browser as a black box that magically transforms HTML, CSS, and JavaScript into interactive web applications. In tru
  • Just make it scale: An Aurora DSQL story

    Just make it scale: An Aurora DSQL story May 27, 2025 • 3404 words At re:Invent we announced Aurora DSQL, and since then I’ve had many conversations with builders about what this means for database engineering. What’s particularly interesting isn’t just the technology itself, but the journey that got us here. I’ve been wanting to dive deeper into this story, to share not just the what, but the how
  • LogLog Games

    The article is also available in Chinese. Disclaimer: This post is a very long collection of thoughts and problems I've had over the years, and also addresses some of the arguments I've been repeatedly told. This post expresses my opinion that has been formed over using Rust for gamedev for many thousands of hours over many years, and multiple finished games. This isn't meant to brag or indicate su

  • AWS Lambda Under the Hood

    Transcript Danilov: We'll talk about AWS Lambda, how it's built, how it works, and why it's so cool. My name is Mike Danilov. I'm a Senior Principal Engineer at AWS Serverless. A decade ago, I joined EC2 networking team, and it was a fantastic ride. Then, five years back, I heard about Lambda. I really liked the simplicity of the idea. We run your code in the cloud, no servers needed, so I joined
  • The SaaS CTO Security Checklist Redux - Gold Fig — Peace of mind for infrastructure teams

    Doing the basics goes a long way in keeping your company and product secure. This third edition of the SaaS CTO Security Checklist provides actionable security best practices CTOs (or anyone for that matter) can use to harden their security. This list is far from exhaustive, incomplete by nature since the security you need depends on your company, product, and assets. 🚀 Your employees Accustom e
  • Run WebAssemblies in VS Code for the Web

    June 5, 2023 by Dirk Bäumer VS Code for the Web (https://vscode.dev) has been available for some time now and it has always been our goal to support the full edit / compile / debug cycle in the browser. This is relatively easy for languages like JavaScript and TypeScript since browsers ship with a JavaScript execution engine. It is harder for other languages since we must be able to execute (and t
  • A Shell for the Container Age: Introducing Dagger Shell | Dagger

    The Unix shell is over 50 years old, but it still defines how programmers use their computers. We type a few words in a terminal, and milliseconds later an ephemeral factory comes online: the Unix pipeline. Data streams through a network of simple programs working concurrently, like robots on the factory floor, executing a computational choreography we composed seconds ago. Its job done, the facto
  • GitHub Actions on AWS with CDK - NTT docomo Business Engineers' Blog

    Introduction Hello, I am Fukuda from the Innovation Center. As part of our effort to improve the development environment, we built GitHub Actions self-hosted runners on AWS. I will share what we learned from this build. Overview GitHub Actions is a feature for easily implementing CI/CD on GitHub. You can run CI/CD jobs using the environment GitHub provides. On the other hand, because hardware and the like cannot be customized, it cannot accommodate cases where, for example, you want larger and faster storage or more memory. For this, GitHub Actions has a feature called self-hosted runners, which lets you set up an environment to run GitHub Actions CI/CD jobs in your own environment. This time
  • Which Version of JDK Should I Use?

    You have to decide if you want to stick with the latest LTS version, or if you go with the latest feature release and upgrade every six months. Both options are okay, but if you’re uncertain, stick with the latest LTS version. The OpenJDK project itself is managed on openjdk.java.net where you can find specifications, source code, and mailing lists, but there are no builds that you can download. Y

  • AST vs. Bytecode: Interpreters in the Age of Meta-Compilation

    233 AST vs. Bytecode: Interpreters in the Age of Meta-Compilation OCTAVE LAROSE, University of Kent, UK SOPHIE KALEBA, University of Kent, UK HUMPHREY BURCHELL, University of Kent, UK STEFAN MARR, University of Kent, UK Thanks to partial evaluation and meta-tracing, it became practical to build language implementations that reach state-of-the-art peak performance by implementing only an interprete

  • Parsing SQL - Strumenta

    The code for this tutorial is on GitHub: parsing-sql SQL is a language to handle data in a relational database. If you worked with data you have probably worked with SQL. In this article we will talk about parsing SQL. It is in the same league of HTML: maybe you never learned it formally but you kind of know how to use it. That is great because if you know SQL, you know how to handle data. However
  • Prism in 2024

    In Ruby 3.3.0, a new standard library was added to CRuby called Prism. Prism is a parser for the Ruby language, exposed as both a C library (optionally usable by CRuby) and a Ruby library (usable as a Ruby gem). The Prism project represents many person-years worth of effort, and is the result of a collaboration between Shopify, CRuby core contributors, other Ruby implementation authors, and Ruby t
  • Update for Apache Log4j2 Issue (CVE-2021-44228)

    AWS is aware of the recently disclosed issues relating to the open-source Apache “Log4j2” utility (CVE-2021-44228 and CVE-2021-45046). Responding to security issues such as this one shows the value of having multiple layers of defensive technologies, which is so important to maintaining the security of our customers’ data and workloads. We've taken this issue very seriously, and our world-class te
  • Inside the code: How the Log4Shell exploit works

    The critical vulnerability in Apache’s Log4j Java-based logging utility (CVE-2021-44228) has been called the “most critical vulnerability of the last decade.” Also known as Log4Shell, the flaw has forced the developers of many software products to push out updates or mitigations to customers. And Log4j’s maintainers have published two new versions since the bug was discovered—the second completely
  • Neovim News #11 - The Christmas Issue

    The real 0.5 was the friends we made along the way The long-awaited release of Neovim v0.5.0 finally happened on July 2, 2021. It was worth the wait: With over 4000 commits, it is so big that it broke some of the release tooling. These notes focus on the most user-visible improvements, of which the biggest are: Lua as a first-class scripting and configuration language, Language server protocol (LS
  • GOMEMLIMIT is a game changer for high-memory applications | Weaviate

    Intro Running out of memory is never fun, but it's incredibly frustrating when you've already taken some precautions and calculated your exact memory needs. "My application requires 4GB of memory. How is it possible I ran out of memory on my 6GB machine!?". As it turns out, this was a real possibility in a garbage collected ("GC") language like Golang. The emphasis is on the word "was" because Go
  • Wasm core dumps and debugging Rust in Cloudflare Workers

    Wasm core dumps and debugging Rust in Cloudflare Workers 2023-08-14 A clear sign of maturing for any new programming language or environment is how easy and efficient debugging them is. Programming, like any other complex task, involves various challenges and potential pitfalls. Logic errors, off-by-ones, null pointer dereferences, and memory leaks are some examples of things that can make software
  • The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs

    emerging threats and vulnerabilities The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation November 1, 2022 emerging vulnerability On November 1, 2022, the OpenSSL Project released a security advisory detailing a high-severity vulnerability in the OpenSSL library. Deployments of OpenSSL from 3.0.0 to 3.0.6 (included) are vulnerable and are fixed in
  • Node.js 16.x runtime now available in AWS Lambda | Amazon Web Services

    AWS Compute Blog Node.js 16.x runtime now available in AWS Lambda This post is written by Dan Fox, Principal Specialist Solutions Architect, Serverless. You can now develop AWS Lambda functions using the Node.js 16 runtime. This version is in active LTS status and considered ready for general use. To use this new version, specify a runtime parameter value of nodejs16.x when creating or updating fu
  • ClamAV 1.0.0 LTS released

    The ClamAV 1.0.0 feature release is now stable and available for download on ClamAV.net or through Docker Hub. ClamAV 1.0.0 includes the following improvements and changes. Major changes: Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. Use of the default password will now appear in the metadata JSON. GitHub pull request: https://github.com/Cisco-Ta

  • Everything you need to know about Python 3.13 – JIT and GIL went up the hill | drew's dev blog

    Everything you need to know about Python 3.13 – JIT and GIL went up the hill All you need to know about the latest Python release including Global Interpreter Lock and Just-in-Time compilation. Table of Contents On 2nd October 2024, the Python core developers and community will release CPython v3.13.0 – and it’s a doozy. (Update: release has now been pushed back to 7th October.) So what makes this
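  • You Lose Out If You Don't!? Migrating to AWS Graviton2 in the Era of the Weak Yen - BIGLOBE Style | BIGLOBE's "People at Work" and "Cutting-Edge Technology"

    This article introduces migrating AWS Fargate containers to Graviton2, with real examples. Hello. COVID-19 has been reclassified as a Class 5 infectious disease; I hope all our readers are doing well. It has been a while since my last post; I am Esumi from the Product Technology Division. In my previous article on Git logs I said we were "almost fully remote!", but things have changed recently, so I would like to say a little about that. Since April BIGLOBE has gone through a reorganization and other changes, and in line with the idea that "we want to value in-person conversation and discussion," people are gradually coming back to the previously sparse office. The group I currently belong to is also trying things like "on days when meetings overlap, let's align our office days as a team." So that nobody ends up saying "I heard it was almost fully remote, but it's completely different! 😡", please treat this as nothing more than a recent update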
  • JavaScript backend merged into GHC | IOG Engineering

    A new JavaScript backend was merged into GHC on November 30th, 2022! This means that the next release of GHC will be able to emit code that runs in web browsers without requiring any extra tools, enabling Haskell for both front-end and back-end web applications. In this post, we, the GHC DevX team at IOG, describe the challenges we faced bringing GHCJS to GHC, how we overcame those challenges, and

  • Advent of Code on the Nintendo DS

    Warning! This post was written in 2024 and was my first foray into Embedded Rust. Also, the actual ROM will not boot on real hardware because I made a mistake with the entrypoint; the code loads at 0x2000000 which is both within the secure area (which gets erased) and within the first 0x4000 bytes which is invalid. The ARM7 stub included also makes emulators behave poorly. Additionally, most of th

  • Maestro: Netflix’s Workflow Orchestrator

    By Jun He, Natallia Dzenisenka, Praneeth Yenugutala, Yingyi Zhang, and Anjali Norwood TL;DR We are thrilled to announce that the Maestro source code is now open to the public! Please visit the Maestro GitHub repository to get started. If you find it useful, please give us a star. What is Maestro Maestro is a horizontally scalable workflow orchestrator designed to manage large-scale Data/ML workflows
  • The State of Python 2025: Trends and Survey Insights | The PyCharm Blog

    This is a guest post from Michael Kennedy, the founder of Talk Python and a PSF Fellow. Welcome to the highlights, trends, and key actions from the eighth annual Python Developers Survey. This survey is conducted as a collaborative effort between the Python Software Foundation and JetBrains’ PyCharm team. The survey results provide a comprehensive look at Python usage statistics and popularity tre
  • Manus tools and prompts

    agent loop You are Manus, an AI agent created by the Manus team. You excel at the following tasks: 1. Information gathering, fact-checking, and documentation 2. Data processing, analysis, and visualization 3. Writing multi-chapter articles and in-depth research reports 4. Creating websites, applications, and tools 5. Using programming to solve various problems beyond development 6. Vario
  • Embulk

    Latest Versions Stable v0.11.5 Note that v0.11 is not fully compatible with v0.9. Several plugins for v0.9 would not work with v0.11. Take a look at this article for details. Past stable v0.9.25 Recent Articles Looking for long-term maintainers around the Embulk eco-system Shutting down dl.embulk.org Installing Maven-style Embulk plugins 'embulk gem install' may fail in Embulk v0.9: incompatibilit
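  • Keeping the Database ER Diagram Up to Date and Viewable at Any Time - SO Technologies Developer Blog

    Hello, I am Maruyama from the CTO Office. As usual, I am handling the unreasonable requests of a certain CTO. This time I would like to introduce what we did to keep the ER diagram of the SaaS service we are currently developing up to date with as little effort as possible, while making it viewable at any time. Prerequisite environment The method introduced here is implemented in the following environment. Infrastructure: GCP Database: PostgreSQL Database schema management: sql-migrate CI/CD: Github Actions Motivation For development and data analysis we draw ER diagrams as a way to get a bird's-eye view of the database schema structure, but I have always felt that keeping them up to date is rather tedious. So we started generating the ER diagram from the database schema structure using Schemaspy, but steps like the following, schema struc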
  • Announcing Amazon CodeCatalyst, a Unified Software Development Service (Preview) | Amazon Web Services

    AWS News Blog Announcing Amazon CodeCatalyst, a Unified Software Development Service (Preview) Today, we announced the preview release of Amazon CodeCatalyst. A unified software development and delivery service, Amazon CodeCatalyst enables software development teams to quickly and easily plan, develop, collaborate on, build, and deliver applications on AWS, reducing friction throughout the develop
  • Go 1.19 Release Notes - The Go Programming Language

    Introduction to Go 1.19 The latest Go release, version 1.19, arrives five months after Go 1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Changes to the language There is only one small change to the language, a
  • 0.10.0 Release Notes ⚡ The Zig Programming Language

    Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by

  • Trying out the now generally available Terraform support in AWS SAM CLI - kakakakakku blog

    On September 5, 2023, Terraform support in AWS SAM CLI became GA (generally available) 👏 There are situations where you want to manage serverless components such as Amazon API Gateway and AWS Lambda functions uniformly with Terraform while still using the AWS SAM CLI development support features (local debugging with the sam local invoke and sam local start-api commands) ❗️, and I think it is a very convenient combination. aws.amazon.com To see what the development experience is actually like, I will try the sample from the AWS blog \( 'ω')/ aws.amazon.com Test environment This time I use SAM CLI 1.97.0 (latest) and Terraform 1.5.7 (latest) on macOS. $ sam
  • Build and Deploy Docker Images to AWS using EC2 Image Builder | Amazon Web Services

    AWS DevOps & Developer Productivity Blog Build and Deploy Docker Images to AWS using EC2 Image Builder The NFL, an AWS Professional Services partner, is collaborating with NFL’s Player Health and Safety team to build the Digital Athlete Program. The Digital Athlete Program is working to drive progress in the prevention, diagnosis, and treatment of injuries; enhance medical protocols; and further i
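  • Offline Knowledge Portal (RHOKP) provided as an OCI-compliant container image - 赤帽エンジニアブログ

    This is Kojima from Red Hat. The Red Hat Offline Knowledge Portal (RHOKP for short), which makes Red Hat's various knowledge resources available even in offline environments, became available in May 2025. www.redhat.com RHOKP not only makes knowledge easier to consult in offline environments, it also makes it easier to copy and paste the configuration files and commands described in Red Hat product documentation and the Knowledgebase and run them on systems in offline environments. It is handy when you want to try out the configuration files and commands described in the knowledge content in an offline development environment and the like. This article introduces how to use RHOKP and, using the RHOKP container as an example, how to integrate with systemd using Podman Quadlet. Red Hat O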