
Chaos Engineering Overview

Principle of Chaos Engineering

Chaos engineering is the discipline of experimenting on a system to build confidence in the system's capability to withstand turbulent conditions in production.

Modern large-scale software systems are complex, with many components and services working together in a distributed system. Interactions between services can cause unpredictable outcomes that affect production environments.

A system needs to be tested for weaknesses such as improper fallback settings, unavailable services, outages from traffic overload, cascading failures from a single point of failure and many more. Rigorous testing measures the stability of a complex system in its production deployment and identifies the areas to improve so that it can deal with potential chaos.

Practising Chaos

  1. Define the 'steady state' as a measurable output of the system that indicates normal behaviour

  2. Hypothesise that the steady state will continue in both the control group and the experiment group

  3. Introduce variables that reflect real-world events, like service failure, network overloading etc.

  4. Try to disprove the hypothesis by looking for a difference in steady state between the control and experiment groups

The more difficult it is to disrupt the steady state, the more confidence there is in the system's resilience.
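The four steps above as a small simulation, added here as an example and not taken from the original page. The service, its single dependency, the 500 ms SLO, the timeouts and the 30% injected fault rate are all assumptions chosen to show how an improper fallback setting disproves the hypothesis.

```python
import random
from dataclasses import dataclass

SLO_MS = 500        # assumed SLO: a healthy request is answered within 500 ms
CACHE_MS = 5        # assumed cost of serving the cached fallback answer

@dataclass
class ClientConfig:
    timeout_ms: int  # how long the service waits for its dependency
    fallback: bool   # serve a cached answer when the dependency times out

def request_healthy(rng, cfg, fault_rate):
    """One request to a hypothetical service with a single downstream dependency."""
    # Injected real-world event: the dependency is overloaded and answers in 3 s.
    dep_ms = 3000 if rng.random() < fault_rate else rng.randint(20, 120)
    if dep_ms <= cfg.timeout_ms:
        return dep_ms <= SLO_MS                  # waited for the dependency
    return cfg.fallback and cfg.timeout_ms + CACHE_MS <= SLO_MS  # timed out

def steady_state(cfg, fault_rate, seed, requests=10_000):
    """Step 1: steady state = fraction of requests answered within the SLO."""
    rng = random.Random(seed)
    return sum(request_healthy(rng, cfg, fault_rate) for _ in range(requests)) / requests

def run_experiment(cfg, fault_rate=0.3, tolerance=0.01):
    """Steps 2-4: returns (control, experiment, hypothesis_holds)."""
    control = steady_state(cfg, 0.0, seed=1)             # control group: no fault
    experiment = steady_state(cfg, fault_rate, seed=2)   # experiment group: fault injected
    # Hypothesis: the experiment group stays within `tolerance` of the control group.
    return control, experiment, control - experiment <= tolerance

CONFIGS = {
    "timeout 200 ms + fallback": ClientConfig(200, True),
    "timeout 200 ms, no fallback": ClientConfig(200, False),
    "timeout 5 s + fallback (never triggers)": ClientConfig(5000, True),
}

if __name__ == "__main__":
    for name, cfg in CONFIGS.items():
        control, experiment, holds = run_experiment(cfg)
        print(f"{name}: control={control:.3f} experiment={experiment:.3f} "
              f"hypothesis {'holds' if holds else 'disproved'}")
```

Only the first configuration keeps its steady state under the fault. The third has a fallback, but its timeout is longer than the injected delay, so the fallback never fires.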

Benefits

  • Improved system resilience and reliability

  • Reduce revenue loss

  • Develop in-depth understanding of system

  • Improve failure recovery

Challenges

  • Risk of outages

  • Resource limitation

  • Requirement of robust monitoring systems

Tools

  • Chaos Monkey (GitHub - Netflix/chaosmonkey): a resiliency tool that helps applications tolerate random instance failures

  • Gremlin: Proactively improve reliability

  • LitmusChaos: Open Source Chaos Engineering Platform

  • Chaos Mesh: A Powerful Chaos Engineering Platform for Kubernetes

Interview Questions

  • How would you test for resilience in a system?

  • What is the difference between fault tolerance and resiliency?

  • What are the differences between load testing and chaos engineering?

Author

Zheng Jie

References

  • Principle of Chaos Engineering

  • Splunk - Chaos Engineering