Dapr july 2020 security audit reportIntroduction Scope Test Coverage Identified Vulnerabilities DAP-01-002 WP2: Insufficient context separation leads to RCE (High) DAP-01-003 WP1: HTTP Parameter Pollution through invocation (Low) DAP-01-004 WP1: Sidecar injector API exposes sensitive client certificates (High) DAP-01-005 WP2: Inadequate separation leads to cluster takeover (Critical) DAP-01-006 WP2: Cross-Site Request Forgery into local Dapr purpose of facilitating any future follow-up correspondence. DAP-01-002 WP2: Insufficient context separation leads to RCE (High) While analyzing the cluster configuration in scope, it was found0 码力 | 19 页 | 267.84 KB | 1 年前3- The Future of Cloud Native Applications
with Open Application Model (OAM) and Daprchoosing a platform is that we can maintain the size of our team." —CTO @ Handled Cloud + Edge Separation of concerns Application focused Application focused Container infrastructure Open Application Infrastructure operators can configure their environments to satisfy any unique operating requirements Separation of concerns Application Developer/Architect Traffic Management Canary Blue/Green A/B Auto0 码力 | 51 页 | 2.00 MB | 1 年前3
- OAM, Dapr and Rudr: The future of cloud native applicationsdefined roles for application developers, application operators, and infrastructure operators Separation of concerns Focuses on developers and applications, not on container infrastructure Application VolumeAttach CronJob Deployment ReplicaSet Pod Service Task Worker cron autoscale ingress canary Separation of concerns Allows application developers to focus on their code in a platform-neutral setting0 码力 | 59 页 | 1.65 MB | 1 年前3
共 3 条
- 1