One of the many challenges when building an application is ensuring that it's secure. Whether you're storing hashed passwords, sanitizing user inputs, or even just constantly updating package dependencies to the latest and greatest, the effort to attain a secure application is never-ending. And even though containerization has made it easier to ship better software faster, there are still plenty of considerations to take when securing your infrastructure as well.

In my last post, I talked about the evolution of infrastructure as code and its role in modern software development. To recap, let's take a quick look back at what an IaC process establishes: in a nutshell, IaC is a methodology that enables you to manage your servers and deploy your applications purely through code. Through some configuration language saved to a file, you define the resources and packages that servers need.

Infrastructure management has come a long way. (Mostly) gone are the days of manual configurations and deployments, when using SSH in a “for” loop was a perfectly reasonable way to execute server changes. Automation is a way of life. Configuration management tools like Chef, Puppet, and Ansible — once on the bleeding edge — are now used by most enterprises.