Release Date: 20/02/2022 | Issue: 125
CloudSecList is a weekly newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand curated by Marco Lancini.
Sponsor

Cloud Security Autopilot
Securing the cloud isn't easy, regardless of your team's size. It's not enough to just detect issues - they need to be investigated, context of environment understood, and then fixed.
Imagine if you could secure your cloud automatically. ARGOS finds, investigates and fixes cloud vulnerabilities - automatically, with safe rollback. We automated the most common security checks, so you don't have to.
Visualise exploitable issues with context - view the entire kill chain. Say good-bye to tedious and soul-sucking analysis - connect your cloud environment in minutes with a free 14-day trial.

This week's articles


imdsv2_wall_of_shame
#aws, #defend
List of vendors that do not allow IMDSv2 enforcement.


Managing Network Policies for namespaces isolation on a multi-tenant Kubernetes cluster
#defend, #kubernetes
How to leverage the Hierarchical Namespace Controller (HNC) to ensure tenant isolation in a multi-tenant Kubernetes cluster.


sigstore, the local way
#containers, #develop, #supply-chain
How to build the sigstore stack (cosign, rekor, fulcio) on your machine and use it to sign and verify container signatures without ever leaving localhost.


Open Policy Agent 101: A Beginner's Guide
#explain, #opa
Best practices for starting your OPA journey.


Secure Azure Cosmos DB access by using Azure Managed Identities
#azure, #defend, #iam
How to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.


10 ways of gaining control over Azure function Apps
#attack, #azure
Some techniques for taking over Azure Function Apps.

Tools


serverless-registry-proxy
Serverless reverse proxy for exposing container registries (GCR, Docker Hub, Artifact Registry etc) on custom domains.


vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose.


ghostbuster
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. You can also refer to the companion blog post.


IAM Legend
AWS IAM actions autocomplete, documentation and wildcard resolution for Visual Studio Code.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

From the cloud providers


AWS: AWS Security Fundamentals (Second Edition)
Learn fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.


AWS: Top 2021 AWS Security service launches security professionals should review
An overview of some of the most important 2021 AWS Security launches that security professionals should be aware of.


AWS: How to secure API Gateway HTTP endpoints with JWT authorizer
Step-by-step guidance for setting up JWT authorizers using Amazon Cognito as the identity provider, configuring HTTP APIs to use JWT authorizers, and examples to test the entire setup.


AWS: How to Audit and Report S3 Prefix Level Access Using S3 Access Analyzer
You can use Access Analyzer for S3 to identify S3 buckets within your zone of trust (Account or Organization) that are shared with external identities.


GCP: Here's what to know about changes to kubectl authentication coming in GKE v1.25
Starting with GKE v1.25, you will need to download and use a new kubectl plugin called "gke-gcloud-auth-plugin" to authenticate to GKE.


GCP: Control access to microservices with gRPC and Traffic Director
Traffic Director now supports client authorization for proxyless gRPC services, so you can centrally control gRPC microservice access.


GCP: Protecting from DNS exfiltration in GCP
Use Cloud DNS in GCP to protect against DNS exfiltration threats.


Azure: Now available: CIS benchmarks for Kubernetes
AKS now meets CIS benchmark standards for Kubernetes.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.