Release Date: 19/12/2021 | Issue: 118
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
🎄 Holiday Break 🎄
After this issue, I will probably take a couple weeks off to disconnect and recharge. CloudSecList will return in January!
Sponsor

Penetration testing software
Faraday allows you to automate every phase of your vulnerability management ecosystem. Now it is smoother than ever before. Our software integrates more than 80 scanning tools and automatically deduplicates repeated issues. From an elegant dashboard, tag and prioritize your vulnerabilities with ease. Automate repetitive tasks with agents and pipelines, and integrate security issues with your preferred workflow management tool. Our new version is cloud-based, so you can get started right away, with no infrastructure to set up.
Scale your security team with Faraday.

This week's articles


How eBPF will solve Service Mesh - Goodbye Sidecars
How we can build an eBPF-based service mesh in the kernel to replace the complex sidecar model.   #design   #monitor


Cloud Security Remediation Guides
CloudSploit's remediation guides are intended to be an open-source resource for improving cloud security. Many cloud IaaS providers like AWS, Azure, and Google Cloud have a shared responsibility model. They provide the physical and architectural security, along with tools to properly secure the services they offer, but it is up to the user to configure those settings properly.   #aws   #azure   #defend   #gcp


Getting started with runtime security and Falco
How to get started with Falco to overcome the challenges of implementing runtime security for cloud-native workloads.   #explain   #falco


Determining AWS IAM Policies According To Terraform And AWS CLI
The process of granting the least privileges required to execute "aws s3 ls" and "terraform apply" by a CI/CD runner.   #aws   #explain   #iam


Istio OIDC Authentication
How Istio can be configured to manage the OpenID Connect (OIDC) authentication flow for applications running within the mesh to allow both authentication and authorisation decisions to be offloaded to Istio.   #build   #istio


(Typical) journey towards full GitOps
Post describing a typical journey towards GitOps with Flux.   #build


Evadere Classifications
Deep dive into the different types of evasion and bypasses an adversary will use during an attack chain.   #monitor

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Tools


cf-terraforming
Command line utility to facilitate terraforming your existing Cloudflare resources.


aws-cdk-github-oidc
CDK constructs to use OpenID Connect for authenticating your Github Action workflow with AWS IAM.
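The value of the OIDC construct above is that the workflow gets short-lived credentials instead of a long-lived access key stored as a GitHub secret, but the trust policy on the assumed role is where the security decision actually lives. Below is an added example (not part of aws-cdk-github-oidc or any other project in this issue) that builds such a trust policy and checks one for the classic mistakes: not pinning the `aud` claim to `sts.amazonaws.com`, or not constraining the `sub` claim so that any GitHub repository could assume the role. The account ID and repository names are placeholders; the weak policy is constructed for the demo.

```python
"""Build and lint IAM trust policies for GitHub Actions OIDC federation.
Added example, not code from any project linked in this issue. The account
ID and the repository names are placeholders; WEAK_TRUST_POLICY is
constructed to show the failure modes."""
import json

GITHUB_OIDC = "token.actions.githubusercontent.com"
STS_AUDIENCE = "sts.amazonaws.com"


def _as_list(value):
    """IAM accepts a string or a list in most places; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def github_trust_policy(account_id, sub, aud=STS_AUDIENCE):
    """Trust policy letting one GitHub subject assume the role.
    StringLike is used only when the sub contains a wildcard."""
    op = "StringLike" if "*" in sub else "StringEquals"
    condition = {"StringEquals": {f"{GITHUB_OIDC}:aud": aud}}
    condition.setdefault(op, {})[f"{GITHUB_OIDC}:sub"] = sub
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated":
                      f"arn:aws:iam::{account_id}:oidc-provider/{GITHUB_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}


def check_trust_policy(policy):
    """Return a list of findings for GitHub OIDC statements; [] means it passes."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        federated = _as_list(stmt.get("Principal", {}).get("Federated"))
        if not any(GITHUB_OIDC in f for f in federated):
            continue  # not a GitHub OIDC statement
        if _as_list(stmt.get("Action")) != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append("GitHub OIDC principal granted more than "
                            "sts:AssumeRoleWithWebIdentity")
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(f"{GITHUB_OIDC}:aud"))
        if aud != [STS_AUDIENCE]:
            findings.append(f"aud not pinned to {STS_AUDIENCE}")
        subs = (_as_list(cond.get("StringEquals", {}).get(f"{GITHUB_OIDC}:sub"))
                + _as_list(cond.get("StringLike", {}).get(f"{GITHUB_OIDC}:sub")))
        if not subs:
            findings.append("no sub condition: any GitHub repository "
                            "could assume this role")
        for sub in subs:
            # sub looks like repo:<org>/<repo>:ref:refs/heads/<branch>
            # or repo:<org>/<repo>:environment:<env>
            parts = sub.split(":")
            org = parts[1].split("/")[0] if len(parts) > 1 else ""
            if parts[0] != "repo" or not org or "*" in org:
                findings.append(f"sub {sub!r} does not pin a concrete "
                                "GitHub organisation")
            elif "*" in parts[1]:
                findings.append(f"sub {sub!r} allows every repository "
                                "in the organisation")
            if len(parts) < 3 or parts[2] == "*":
                findings.append(f"sub {sub!r} does not pin a ref or environment")
    return findings


# Constructed: trusts the provider with no Condition block at all.
WEAK_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated":
                  f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_OIDC}"},
    "Action": "sts:AssumeRoleWithWebIdentity"}]}

if __name__ == "__main__":
    print("weak:", check_trust_policy(WEAK_TRUST_POLICY))
    good = github_trust_policy("123456789012",
                               "repo:my-org/my-repo:ref:refs/heads/main")
    print(json.dumps(good, indent=2))
    print("good:", check_trust_policy(good))
```

Run the checker against the trust policies the CDK construct synthesises before deploying them; an org-wide `repo:my-org/*` subject is a deliberate choice worth a review comment, and a missing `sub` condition is a finding that should block the deploy.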


cdk-dia
Automated diagrams of CDK provisioned infrastructure.


magtape
MagTape is a Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations.

From the cloud providers


#AWS   Using CloudTrail to identify unexpected behaviors in individual workloads
A practical approach that you can use to detect anomalous behaviors within AWS workloads by using behavioral analysis techniques that can be used to augment existing threat detection solutions.
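The two AWS items above are two sides of the same CloudTrail data: the least-privilege article uses the API calls a CI/CD runner actually makes (for `aws s3 ls` and `terraform apply`) to derive the policy it needs, and the workload-anomaly post uses the same kind of per-role history as a baseline to flag calls that fall outside it. The following added example (not code from either post) does both over a handful of constructed CloudTrail-shaped records: it builds a per-role action baseline from a known-good window, renders it as a policy skeleton, and reports later calls the role had never made. The override table exists because a CloudTrail `eventName` is not always the IAM action that authorises it; the `ListBuckets` call behind `aws s3 ls` is authorised by `s3:ListAllMyBuckets`.

```python
"""Derive a per-role action baseline from CloudTrail records, render it as an
IAM policy skeleton, and flag later calls outside the baseline.
Added example, not code from any article linked above. The records below are
constructed; real CloudTrail events carry many more fields."""
import json
from collections import defaultdict

# eventName is not always the IAM action that authorises the call: the
# ListBuckets call made by "aws s3 ls" is authorised by s3:ListAllMyBuckets.
# Assumption: this override table is maintained by hand and extended as
# further mismatches are found for other services.
EVENT_TO_IAM_ACTION = {
    ("s3.amazonaws.com", "ListBuckets"): "s3:ListAllMyBuckets",
}


def iam_action(record):
    """Translate a CloudTrail record into the IAM action string it exercised."""
    source, name = record["eventSource"], record["eventName"]
    override = EVENT_TO_IAM_ACTION.get((source, name))
    return override or f"{source.split('.')[0]}:{name}"


def role_name(record):
    """Assumed role name from userIdentity, or None if this is not a role session."""
    issuer = (record.get("userIdentity", {})
              .get("sessionContext", {})
              .get("sessionIssuer", {}))
    return issuer.get("userName") if issuer.get("type") == "Role" else None


def build_baseline(records):
    """role name -> set of IAM actions observed during a known-good window."""
    baseline = defaultdict(set)
    for r in records:
        role = role_name(r)
        if role:
            baseline[role].add(iam_action(r))
    return dict(baseline)


def least_privilege_policy(actions, resource="*"):
    """Render observed actions as a policy document. Actions are the easy
    half; narrowing Resource from "*" to the buckets and instances actually
    touched is manual work this helper does not attempt."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": sorted(actions),
                           "Resource": resource}]}


def find_anomalies(baseline, records):
    """(role, action, eventID) for role-session calls outside that role's baseline."""
    hits = []
    for r in records:
        role = role_name(r)
        if role is None:
            continue  # IAM users, root and service principals: out of scope here
        action = iam_action(r)
        if action not in baseline.get(role, set()):
            hits.append((role, action, r["eventID"]))
    return hits


def _record(event_id, source, name, role=None):
    """Constructed, minimal CloudTrail-shaped record for the demo."""
    identity = {"type": "IAMUser", "userName": "alice"}
    if role:
        identity = {"type": "AssumedRole",
                    "sessionContext": {"sessionIssuer": {"type": "Role",
                                                         "userName": role}}}
    return {"eventID": event_id, "eventSource": source,
            "eventName": name, "userIdentity": identity}


# Known-good window: a CI runner role doing what the pipeline is meant to do.
BASELINE_WINDOW = [
    _record("e1", "s3.amazonaws.com", "ListBuckets", role="ci-runner"),
    _record("e2", "sts.amazonaws.com", "GetCallerIdentity", role="ci-runner"),
    _record("e3", "ec2.amazonaws.com", "DescribeInstances", role="ci-runner"),
]

# Later window: the same role, plus a call the pipeline has no business making.
LATER_WINDOW = [
    _record("e4", "s3.amazonaws.com", "ListBuckets", role="ci-runner"),
    _record("e5", "iam.amazonaws.com", "CreateUser", role="ci-runner"),
    _record("e6", "iam.amazonaws.com", "CreateUser"),  # IAM user, not a role session
]

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_WINDOW)
    print(json.dumps(least_privilege_policy(baseline["ci-runner"]), indent=2))
    for role, action, event_id in find_anomalies(baseline, LATER_WINDOW):
        print(f"ANOMALY role={role} action={action} eventID={event_id}")
```

Two caveats before using this shape in anger: the baseline window has to be genuinely clean (a compromised runner observed during the window gets its attacker's calls whitelisted), and a `Resource` of `"*"` on the generated policy is only a starting point, not the least privilege the article is after.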


#AWS   Using AWS security services to protect against, detect, and respond to the Log4j vulnerability
Post providing guidance to help customers who are responding to the recently disclosed log4j vulnerability.


#AWS   Modernize your Penetration Testing Architecture on AWS Fargate
How you can use modern cloud technologies to build a scalable penetration testing platform, with no infrastructure to manage.


#GCP   Investigating the usage of GCP Service Accounts
Three GCP services to help you to investigate Google Cloud Service Account usage and mitigate against unintended consequences during key rotation.


#GCP   Continuous Compliance Engineering GCP case studies
Three real GCP controls framework technical examples for regulated FSI Google Cloud customers to help maintain security and compliance postures.


#AZURE   Ratify container supply chain in Kubernetes
Ratify is a container image and artifacts verification framework to approve deployments in Kubernetes. Ratify can use and coordinate any number of custom verifiers based on policy including signatures, SBOMs, and scan results.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini