#defend, #kubernetes

The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system admistrators, and software developers prioroitze risks around the Kubernetes ecosystem. The Top Ten is a prioritized list of these risks backed by data collected from organizations varying in maturity and complexity.

#build, #kubernetes, #vault

A comparison of the native secrets management functionality of Kubernetes to HashiCorp Vault and how it is possible for HashiCorp Nomad to integrate with Vault vs Kubernetes+Vault integration.

#build, #kubernetes

How to restrict access to certain client source IPs for a service deployed to an AKS cluster.

#build, #iac

Learn how to operationalize your infrastructure as code security program with our rollout timeline and guidance for your first ninety days.

#announcement, #ci/cd

GitHub now supports SSH commit verification, so you can sign commits and tags locally using a self-generated SSH public key, which will give others confidence about the origin of a change you have made.

#announcement, #kubernetes

The release of Kubernetes v1.25 marks a major milestone for Kubernetes out-of-the-box pod security controls: Pod Security admission (PSA) graduated to stable, and Pod Security Policy (PSP) has been removed.

Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk.

LazyTrivy lets you scan all your local images at once from the comfort of an OK UI using Trivy.

Scans SBoMs for security vulnerabilities.

A Kubernetes credential (exec) plugin implementing azure authentication.

AWS WAF Fraud Control - Account Takeover Prevention protects your application's login page against credential stuffing attacks, brute force attempts, and other anomalous login activities.

VPC Network Access Analyzer helps you understand potential network paths to and from your resources without having to build automation or manually review security groups, network access control lists (network ACLs), route tables, and Elastic Load Balancing (ELB) configurations.

How to apply resource tags on IAM roles and deploy serverless technologies on AWS to detect unused IAM roles and to require the owner of the IAM role (identified through tags) to take action.

Amazon CloudFront now offers Origin Access Control, a new feature that enables CloudFront customers to easily secure their S3 origins by permitting only designated CloudFront distributions to access their S3 buckets.

Google announced that Virtual Machine Threat Detection (VMTD) in Security Command Center is now generally available for all Google Cloud customers.

Google Cloud Certificate Manager can help users acquire and manage TLS certificates at scale for use with Cloud Load Balancing. Now in general availability, it includes Terraform automation and self-service ACME certificate enrollment.

How to restrict access to individually approved Google APIs using the Organization Policy Service and other network controls.

How Microsoft Defender for Cloud Apps data can help hunt and mitigate the risk of compromised subscriptions.