4 min
IT Ops
Google Cloud DataFlow – A Game Changer?
So the biggest revolution in database and analytics technology – namely the
distributed batch processing technique known as MapReduce (and the associated
Hadoop-centric ecosystem that has built up around it) is a legacy technology
for one Silicon
Valley player. Last week Google announced the arrival of Google Cloud Dataflow –
a new service for cloud-based big data analytics that, Google says, supersedes
MapReduce.[
While various VCs and
1 min
Gartner calls for rebalancing security budgets: invest more in detection vs. prevention
In his talk last week at the 2014 Gartner Security and Risk Management Summit,
Gartner Analyst Neil McDonald said that when targeted attacks are considered,
traditional technologies like firewalls, intrusion detection and prevention
systems (IDS/IPS) and anti-malware tools fail in detection. That is because it's
hard to use them to detect attacks that nobody has seen before, hence have no
known signature.
Based on Gartner's security infrastructure model, McDonald points out that
companies are s
1 min
Incident Response
Top 3 Takeaways from the "Need for Speed: 5 Tips to Accelerate Incident Investigation Time" Webcast
In a thorough and detailed webcast earlier this week, we heard from michael
belton and Lital Asher - Dotan
on the increasingly urgent
subject, “Need for Speed: 5 Tips to Accelerate Incident Investigation Time
”. Meticulous and successful plans for efficient incident response can make or
break an organization after a
2 min
Scanning time machine: Reporting on a historical scan
In network security, the questions are urgent. Are we protected against malware?
Do we have protocols in place to prevent a hacker from breaking in?
Sometimes, however, you need to look back in time and see what the status was in
the past.
If you have been tracking a vulnerability and it finally goes away, you might
want to check the information in a past scan and compare it to changes in your
environment.
Another reason you might want to report on a historical scan is an audit. If you
are re
3 min
IT Ops
Smart Integration Testing with Dropwizard, Flyway and Retrofit
It’s widely understood that increasing the scope and complexity of a piece of
software almost always dramatically increases the effort required to verify it.
Verification typically entails testing the behavior of the new feature, plus
ensuring no existing functionality has been adversely affected.
Because this kind of testing can quickly become painful for even the simplest of
components, and because at Logentries
3 min
IT Ops
Why You Should Analyze Your Logs When Load Testing
We recently hosted awebinar about running load tests
(with BlazeMeter ) and then analyzing the log data
generated on the application under test (with Logentries
). We had a great response and I wanted to share a few more thoughts about why
load and stress testing your applications is an important step in understanding
how your systems will behave in production when incr
1 min
IT Ops
How to Run JMeter Tests for 500k Users & Analyze Log Data Results
Logentries recently co-hosted a webinar with BlazeMeter
on advanced JMeter testing for 500,000+ users. The webinar had almost 1,000
registrants, and focused on helping users understand what’s happening on
their systems during load testing; identify any warnings or exceptions being
thrown; and how to use log data to analyze performance under this load level.
In this webinar, Logentries co-founder Trevor Parsons and BlazeMeter DevOps Team
Leader Refael Botbol covered how
3 min
IT Ops
Correlating Logs and Server Metrics...Finally!
Server resource usage information is a key data point that is critical for any
Operations/DevOps team. I like to think of server resource usage information as
analogous to the dashboard of your car — it can tell you if you are running out
of gas or if something is overheating your system. Similarly, if you keep a
record of your server metrics you can also use them to investigate and debug
issues in your systems, understand performance trends as well as use in capacity
planning over time.
4 min
IT Ops
Debugging Rails with Logs
This article was written by Jack Kinsella, a Logentries customer based in
Berlin. Jack owns Oxbridge Notes and co-founded Bolivian Express. Below Jack has
shared an excerpt from his writings on A Comprehensive Guide to Debugging Rails.
Seasoned Rails pros will have interpreting logs down second nature, but I’ll
outline the important realizations I had as a beginner for the sake of the
version of me out there who is new to Rails development. Whenever you visit a
page/fill a form/do an Ajax reque
4 min
Exploits
You have no SQL inj--... sorry, NoSQL injections in your application
Everyone knows about SQL injections. They are classic, first widely publicized
by Rain Forest Puppy, and still widely prevalent today (hint: don't interpolate
query string params with SQL).
But who cares? SQL injections are so ten years ago. I want to talk about a
vulnerability I hadn't run into before that I recently had a lot of fun
exploiting. It was a NoSQL injection.
The PHP application was using MongoDB, and MongoDB has a great feature
2 min
Microsoft
Patch Tuesday, June 2014
Patch Tuesday, June 2014 delivers seven advisories, of them, two critical, five
important – one of which is the seldom seen “tampering” type.
The remarkable item in this month's advisories is MS14-035, the Internet
Explorer patch affecting all supported versions. That in itself is not unique,
we see one of these almost every month, but this time the patch addresses 59
CVEs, that is 59 distinct vulnerabilities in one patch! Microsoft asserts that
while two of the vulnerabilities (CVE-2014-1770
2 min
Kali-lujah! Nexpose now supports Kali Linux
2017 Update: Our Kali support in Nexpose was deprecated some time ago. For
information on supported operating systems and all things Nexpose, see our help
site or reach out to your CSM.
Pen testers and Kali Linux lovers, get your Nexpose on!
Now you can install Nexpose on the same platform you use for everything else! As
of the Nexpose 5.9.13 release, Kali Linux is now an officially supported
operating system. You can now install Nexpose on Kali Linux 64-b
2 min
IT Ops
Collecting and Analyzing Logs from Your Java Application
le_java is one of several libraries that allow you to send log data directly to
your Logentries account from your application. le_java supports both the log4j
and logback logging libraries in java, and can be configured to work with
either – in just a few steps! (Check out:
github.com/logentries/le_java/blob/master/README.md
for our complete
tutorial.)
Once you have your application send
1 min
Metasploit
Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast
Earlier this week we heard from ckirsch
, Senior Product Marketing Manager
for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint:
it's a lot!). With the increase in high profile breaches and their costs, more
and more emphasis is being put on the pen tester and security in general. Read
on if you'd like to get the top takeaways from this week's webcast so that you
aren't left in the dark about, "7 Ways to Make Your Penetratio
2 min
Joining the Rapid7 Team!
If I was asked to pick one word that encompasses the reason I decided to join
Rapid7 as a Security Consultant and Researcher it would be community. After
seeing two of my colleagues, Trey Ford and Nick Percoco, join the ranks of
Rapid7 over the last several months I knew that something special was happening,
and curiosity being what it is, I started to do some research into what Rapid7
was about. Sure, there are all the wonderful technology they provide and the
range of security products they o