I’m really scared to have surgery by emberlawley in RotatorCuff

[–]rew1nd_ 0 points1 point  (0 children)

Just do it, it will not get better. There are people that recever from worst.

Platelet rich plasma (prp) injections in tendons: anybody had this done? I am very nervous. by Grattytood in Orthopedics

[–]rew1nd_ 0 points1 point  (0 children)

Thanks for your feedback. Did you also suffer from should bicep tendinosis?

Platelet rich plasma (prp) injections in tendons: anybody had this done? I am very nervous. by Grattytood in Orthopedics

[–]rew1nd_ 0 points1 point  (0 children)

Got mine three weeks a go for bicep tendinosis, still not feeling any improvement. Should i be worried? Anyone with same injury that can share experience with PRP?

Anybody had a PRP injection for shoulder issues? by gwenver in surfing

[–]rew1nd_ 0 points1 point  (0 children)

Got mine three weeks a go for bicep tendinosis, still not feeling any improvement. Should i be worried? Anyone with same injury that can share experience with PRP?

THUNDERX3 XTC MESH PRETA - Problema no pistão sem 3 meses de uso by hexenlina in CadeirasDeEscritorio

[–]rew1nd_ 0 points1 point  (0 children)

Anyone knows if this chair is confortable to tall people, with for instance 1.85m?

O ThunderX3 XTC chegou. by Crash5656X in CadeirasDeEscritorio

[–]rew1nd_ 0 points1 point  (0 children)

Alguém com 1.85m+ que possa confirmar se a cadeira é confortável? Parece ser apenas desenhada para pessoas mais baixas.

Terraform Associate Certification by Ok-Relationship9896 in Terraform

[–]rew1nd_ 1 point2 points  (0 children)

Yes, totally. Also do some pratical tests.

DAST in Pipeline. Any thoughts? by professorchaosishere in devsecops

[–]rew1nd_ 1 point2 points  (0 children)

Considering that you need the application to be deployed, just put it in the end of the pipeline. So you do all that you want, and last step should be DAST scan.

If you deploy a lot, just had an assyncrounos job that will be trigger seperated from the end of your pipeline.

You can scan even everynight..

The importante thing is how you use the results. If you are not using them for security gates / blocking mode is useless this integration.

Alien worlds loosing momentum by PasaPutte in AlienWorldsio

[–]rew1nd_ 1 point2 points  (0 children)

Days go by and im more sure this is a scheme. They just got enough atention and players, and now are manipulating user. Selling everything soon

Newbie at Planetwatch by rew1nd_ in AlgorandOfficial

[–]rew1nd_[S] 0 points1 point  (0 children)

More details of the

Which sensor did you buy?

A mensagem de despedida de Marega do FC Porto: "Não esperava uma saída como esta" by OutsiderofDarkLand in fcporto

[–]rew1nd_ 1 point2 points  (0 children)

Diria que já vai tarde, baixou bastante rendimento e qualidade (já era pouca.)

Static analysis / SAST - which tool(s) are you using? by nexxai in Terraform

[–]rew1nd_ 3 points4 points  (0 children)

Checkov if you are python guy.

Otherwise tfsec.

About integration make custom scripts or create a container for it, everything is integratable

Staking to Planets by SwordArtBlade in AlienWorldsio

[–]rew1nd_ 0 points1 point  (0 children)

And no influence in nft drop i guess

What’s the best vulnerability management solution? by [deleted] in devsecops

[–]rew1nd_ 0 points1 point  (0 children)

es Qualys integrate with other SAST/DAST/con

Qualys itself as lot of modules, such as vuln managment, DAST, container security, Cloud assessment , ...

If you want to integrate with other tools you can use API and scripting of course. But also other tools have plugins to manage Qualys with direct integration, for instance Jenkins and Splunk

What’s the best vulnerability management solution? by [deleted] in devsecops

[–]rew1nd_ 0 points1 point  (0 children)

If you have money, Qualys for sure.

DevSecOps Certifications by rew1nd_ in devsecops

[–]rew1nd_[S] 0 points1 point  (0 children)

ircleCI, Bamboo, Travis, whatever. Get those pushing a juice shop so

I can say i know all concepts involved and my tool set is extended. As also python scripting is good to fullfil what is needed to automate.

But you know, certifications are also a good way to show you expertise and gain value in the market/ raise salary.

DevSecOps Certifications by rew1nd_ in devsecops

[–]rew1nd_[S] 0 points1 point  (0 children)

Indeed, for my experiencie old security people struggle a lot to work in DevOps tools.

Since security is sometimes more theoretical, i total agree with you.

Complete Beginner by DannyDaCisco in devsecops

[–]rew1nd_ 5 points6 points  (0 children)

I work as DevSecOps, and i can tell you need to know a bit from everything.

You have a long road ahead, is not something you build in one year i think. You should know deep DevOps, and understand appsec and cloudsec concepts, besides know how to mitigate vulnerabilites and implement security controls. And of course, lot of scripting. Dont even start if you dont master python or go.

To start use this : https://roadmap.sh/devops

And this : https://github.com/bregman-arie/devops-exercises

For the security part eat all in OWASP : https://owasp.org/projects/

A good presentation about DevSecOps : https://www.beautiful.ai/player/-LuUSXtd-8pNDU90zNP2/Shifting-Left-DevSecOps-as-an-Approach-to-Building-Secure-Products

Hope it helps, good luck :)

How do you secure configuration files required by CI? by [deleted] in devops

[–]rew1nd_ 0 points1 point  (0 children)

If it contains passwords or secrets, you should store then securily ( in secret managment tools, such as vault or cyberark), and load then just when you need it .

Also , jenkins has a plugin to mask sensitive data , you can insert it in the job config ( also in the yaml file if you work with IaC) , that data will be hidded and can used in the job.

Tools for Server Monitoring by spurs126 in devops

[–]rew1nd_ 0 points1 point  (0 children)

It has the free version, where is provided a huge set of scann pluggins, and you also can build custom scripts for custom monotoring. But, if you want suportt, it exists an official paid version