# Application Deployment and Security

Exam topics covered:
4.1 Diagnose a CI/CD pipeline failure (such as missing dependency, incompatible versions of components, and failed tests)  

4.2 Integrate an application into a prebuilt CD environment leveraging Docker and Kubernetes

4.3 Describe the benefits of continuous testing and static code analysis in a CI pipeline

4.4 Utilize Docker to containerize an application

4.5 Describe the tenets of the "12-factor app"

4.6 Describe an effective logging strategy for an application

4.7 Explain data privacy concerns related to storage and transmission of data

4.8 Identify the secret storage approach relevant to a given scenario

4.9 Configure application specific SSL certificates

4.10 Implement mitigation strategies for OWASP threats (such as XSS, CSRF, and SQL injection)

4.11 Describe how end-to-end encryption principles apply to APIs

## Storing Secrets

Common Strategies:
1. Use an interactive prompt to request secret information at run time

2. Store secrets in environment variables on the machine and import them at run time

3. Use OS-specific key storage such as MacOS Keyring

4. Encrypted vault files such as Hashicorp Vault.  




## Mitigating OWASP Threats

Common threats:
1. SQL Injection - attacker attempts to exploit the server by injecting code into fields while doing an HTTP PUT or POST. If the fields do not have good input validation protection, this can result in allowing the attacker to run unauthorized commands against the database

Mitigation: Implement strong input validation and use an ORM since it will not pass arbitrary commands to the database. 

2. Cross-site Scripting (XSS) - The attacker plants malicious code on a legitimate web site. The client browser will execute the code when they access the site.  This will allow the attacker to access all sessions that the browser has open.

Mitigation:  Escape the input such that even if there is code, it is represented as a string. Also validate and sanitize the user input. 

3. CSRF (Cross-Site Request Forgery) - Attack where a malicious web site accesses a site in a separate browser or browser tab.  Ex. When posting to a blog site, the post requests accesses a banking site open in another tab. 

Mitigation: Add hashes to web forms, and use the HTTP Referer to ensure requests are coming from the original site and not cross-site. The `flask-WTF` module can be used to add CSRF support to a Flask web site.  

```
from flask_wtf.csrf import CSRFProtect

csrf = CSRFProtect(app)

app.secret_key = os.urandom(24)
```
The HTML template also needs to be updated to include the CSRF token.
Example:
```
<form action"" method= "post">
  <input type="hidden" name="csrf_token" value={{ csrf_token() }}"/>
```




## The 12-Factor App

https://12factor.net

1. Codebase - always tracked in version control system such as Git. Many deploys (running instances of the app).  Ex. Prod, Staging, Dev, QA, etc. 

2. Dependencies - explicitly declare and isolate dependencies.  Never rely on existence of system-wide packages.  Ex. Use Python pip in a virtual environment. 

3. Config - Separate config from code. 

4. Backing Services - treat backing services such as databases, messaging/queuing systems, SMTP, or caching as attached resources.  The app shouldn't care if a database is local or across the network, how the database connection is made should be stored in the config. 

5. Build, Release, Run - separate build and run stages.  Build creates the executable and packages the code with all dependencies.  The release stage takes the build and combines it with the current config.  The run stage executes the app.  Releases should be versioned and are immutable. Any change requires a new build and subsequent release. 

6. Processes - should be stateless and share-nothing.  Data that needs to persist must be stored in a database.  

7. Port binding - the app is completely self-contained, including any necessary services to expose the app.  For example,  the web server is built into and deployed alongside the app. 

8. Concurrency - scale out via the process model.  

9. Disposability - processes can be started or stopped at a moment's notice.  Minimize startup time and shut down gracefully. 

10. Dev/prod parity.  Keep development, staging, and production as similar as possible.  Small time between deploys having developers who are also the deployers lends to this. 

11. Logs.  Each process should write its event stream to stdout. The stream can be sent to a file and watched in realtime using tail -f.  

12. Admin processes. Run one-off admin processes in the identical environment as the rest of the app.  Admin code must ship with application code. 



## SSL Certificates

- protects transit data flows using trusted certificates
- provides Confidentiality and Integrity
- Confidentiality means that the data cannot be read while it is in transit
- Integrity means that the data cannot be modified while in transit
- SSL has been obsoleted by TLS

Authentication Process

1. Client sends request to server on TCP 443
2. Server provides its certificate that contains its public key and some metadata
3. Client checks that the certificate provided by the server is a valid signed certificate against a trusted Certificate Authority
4. Client responds with data that is encrypted using the servers public key (sometimes called the premaster key)
5. Both devices compute the symmetric key and this is used to encrypt data in both directions

To generate a self-signed certificate for an application, the openssl command can be used:

```
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
- subj "/C=US/ST=North Carolina/L=RTP/O=Cisco/CN=demo.cisco.com" \
-keyout key.pem -out cert.pem
```

The certificate and key can then be added as a tuple to the ssl_context argument of the app.run() method of Flask.

```
sslctx = ("cert.pem, "key.pem")

app.run(host="0.0.0.0", debut=True, ssl_context=sslctx)
```
