LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Programming Foundations: Secure Coding

Unlock this course with a free trial

Join today to access over 24,700 courses taught by industry experts.

Deployment

Deployment

From the course: Programming Foundations: Secure Coding

Start my 1-month free trial Buy for my team

Deployment

“

- Deployment of code is one of the areas that gets ignored all too often when it comes to developing a secure coding plan. This is an unfortunate oversight as there are many ways to improve the security of your system at this point. One of the weakest points of secure deployments is how you manage the sensitive configuration of the components being deployed. The use of files on the file system or in startup scripts all too often count as secure enough, when in reality they fail. They expose significant attack vectors into your systems or the systems you depend on. There are however very powerful tools and patterns that can be leveraged to improve the secrecy and security of these sensitive data points. Some of the tooling has sophisticated APIs and startup routines that ensure your system will get its config and no one else can. If you're deploying to a containerized framework, you also likely have built-in support for secrets, so at least consider using those. Another step that seems…

Contents