This week's articles
Security Overview of AWS Fargate
#aws, #containers, #defend
Amazon's own security overview of Fargate, which is helpful for new adopters and deepens understanding of Fargate for current users.
Where's my stuff on GCP?
#explain, #gcp
In 2018, GCP released a feature called Cloud Asset Inventory. It lets you search across all of your resources globally: "$ gcloud asset search-all-resources".
The OPA AWS CloudFormation Hook
#aws, #opa
Learn more about AWS CloudFormation Hook and how Open Policy Agent may be used for CloudFormation policy enforcement.
RBAC Explained with Examples
#explain, #iam, #kubernetes
Kubernetes RBAC tutorial with two examples, using ServiceAccounts and openssl to create separate contexts for users.
Abusing Azure Container Registry Tasks
#attack, #azure
How one Azure service supporting DevOps can start in a very solid "secure by default" state, but then quickly descend into a very dangerous configured state.
Your Favorite Software Repositories, Now Working Together
#announcement, #supply-chain
OpenSSF announced the creation of the Securing Software Repositories Working Group, a community collaboration with a focus on the maintainers of software repositories, software registries, and tools (like package managers) that rely on them, at various levels including system, language, plugin, extensions and container systems.
Tools
warpgate
Smart SSH bastion that works with any SSH client.
curiefense
Curiefense is a new application security platform, which protects sites, services, and APIs. It extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs), application-layer DDoS, remote file inclusion (RFI), API abuse, and more.
bubblewrap
A container runtime tool aimed at providing unprivileged sandboxes.
Sponsor
Is manual evidence collection weighing your engineering team down? Level up your game and save 200+ hours with Drata's automated continuous compliance solution for SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, CCPA. Drata connects to your tech stack with 60+ integrations, including AWS, GitHub, GCP, & more to automate the compliance process. Kickstart your compliance journey by requesting a demo and get 10% off.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco