This week's articles
AWS Well-Architected Security Labs
If you are looking for learning resources in AWS, look no further. This repository contains documentation and code in the format of hands-on labs to help you learn, measure, and build using architectural best practices. The labs are categorised into levels, where 100 is introductory, 200/300 is intermediate and 400 is advanced.
Applying Policy Throughout The Application Lifecycle with Open Policy Agent
This talk introduces OPA, and then looks at applying Open Policy Agent tools throughout the application lifecycle. Practical examples include writing unit tests for Kubernetes configuration, defining a CI pipeline in code and testing that using OPA, gating deployments to the cluster using Gatekeeper, and auditing the cluster for security best practices.
Binary Authorization in Kubernetes
Video from Aysylu's talk on Binary Authorization in Kubernetes with Liron Levin at KubeCon San Diego 2019. The talk starts with an introduction to the concept of binary authorization and Kritis, an open-source solution for enforcing deploy-time security policies that ensures only trusted container images are deployed on Kubernetes. Then, it continues with a live demo of Kritis and Grafeas. Slides are also available.
kube-scan: A free risk assessment tool for Kubernetes Workloads
kube-scan is a security risk assessment tool that instantly tells you the security posture of your Kubernetes clusters. It runs as a pod inside your cluster, and it scans all your manifest files, analyses security settings and gives you a security score for your workloads through a Web UI. For each workload, it produces an explanation of the risk factors, what settings remediate or aggravate risks, and what the potential consequences are.
Time for announcements! fwd:cloudsec is a new, not-for-profit, traveling conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule. We're looking for talks from any practitioner who is responsible for securing a cloud service.