IaC Security Refcard: Learn Cloud DevOps best practices that are essential to securing your infrastructure as code in this DZone Refcard. Inside, you'll see what makes some IaC practices more secure than others and find out how you can address security issues across the development lifecycle. The experts at DZone also cover:
The industry movement towards SBOMs needs material interventions to be usable at scale for exceedingly basic use cases. This post hopes to begin a discussion at the industry level that brings us closer to our desired state, and to challenge the notion of what that desired state even is.
A long-standing request from the Kubernetes community has been to have a programmatic way for end users to keep track of Kubernetes security issues (CVEs). Accompanying the release of Kubernetes v1.25, such a feed is now an alpha feature.
This guide outlines and defines how to securely consume Open Source Software (OSS) dependencies in the developer's workflow. The paper is split into two parts: a solution-agnostic set of practices and a maturity model-based implementation guide.
Secureworks researchers analyzed how the protocols used by Pass-Through Authentication (PTA) could be exploited. The result? A compromised PTA agent certificate gives threat actors persistent and undetectable access to a target organization.
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It's an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. You can also refer to the companion blog post.
Constellation is a Kubernetes engine that aims to provide the best possible data security. It wraps your K8s cluster into a single confidential context that is shielded from the underlying cloud infrastructure. Everything inside is always encrypted, including at runtime in memory.
Force CloudFormation to generate a tree view for any stack.
Cloud Security "Alert Fatigue": How to avoid it and prioritize what matters. It's nearly impossible to address the volume of potential sources for security alerts or findings: cloud threats, runtime events, compliance violations, pipeline or registry vulnerabilities, and the list goes on. Where should you focus resources? Read this blog from Sysdig to learn how you can prioritize security alerts and focus on the ones that really matter.
SNS is launching a public preview of message data protection, a new set of capabilities for Amazon SNS Standard Topics. It uses pattern matching, machine learning models, and data protection policies to help security and engineering teams apply real-time data protection in applications that use Amazon SNS to exchange high volumes of data.
How to set up an Amazon Elastic Kubernetes Service (Amazon EKS) cluster so that the applications hosted on it have their outbound internet access restricted to an allow list of hostnames, matched against the Server Name Indication (SNI) in AWS Network Firewall rules.
Cross-tenant customer-managed keys (CMK) let you encrypt Azure managed disks with keys held in an Azure Key Vault hosted in a different Azure Active Directory (AD) tenant.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌