This section tracks the operational side of building reliable services: delivery pipelines, observability, cost-aware infrastructure, and the security guardrails that keep them safe. Expect deep dives into CI/CD hardening, cloud-native patterns, and postmortems that highlight what worked as much as what failed.
Hardening Internal Tools Against XXE
Over the past quarter I have been helping our platform team refactor a configuration service that several delivery pipelines depend on. During that review I spotted an XML External Entity (XXE) injection vector that could have exposed environment variables and IAM credentials to any engineer with access to the internal UI. This post documents how we found the issue, why the existing pipeline tests missed it, and how we closed the gap without blocking deploy velocity. ...