Release Date: 15/12/2019 | Issue: 16
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


The Githubification of InfoSec
This paper from John Lambert shows how a community-based approach of infosec can speed up learning for defenders. The tools are already there: attack knowledge curated in the MITRE ATT&CK framework, detection definitions expressed in Sigma rules, and repeatable analysis written in Jupyter notebooks form a stackable set of practices. If organizations were to contribute and share their unique expertise using these frameworks, and organizations were in this way to build on the expertise of others, defenders in every organization would benefit from the best defense in any organization.


Kubernetes Audit: Making Log Auditing a Viable Practice Again
This blog post from the CNCF examines how audit logs are configured and used in the Kubernetes world, what valuable information they contain, and how they can be utilized to enhance the security of a Kubernetes-based data center.


OPA Summit 2019 Recap
If you are an OPA (Open Policy Agent) user, then you won't want to miss their recap on the OPA happenings at KubeCon 2019. Within the article, many good talks are listed: from how Pinterest uses OPA, to how Chef uses OPA to implement IAM in Chef Automate, and how Goldman Sachs uses OPA to do policy-based provisioning in Kubernetes.


The GitOps Engine
Two of the biggest GitOps projects (Argo CD and Flux CD) are joining forces to create the ultimate GitOps solution. The first step on this journey is the GitOps Engine, which will be responsible for access to Git repositories, Kubernetes resource cache, manifest generation, resources reconciliation, etc.


detect-secrets
An enterprise friendly way of detecting and preventing secrets in code. However, unlike other similar packages that solely focus on finding secrets, this package is designed with the enterprise client in mind: providing a backwards compatible, systematic means of preventing new secrets from entering the code base, detecting if such preventions are explicitly bypassed, and providing a checklist of secrets to roll, and migrate off to a more secure storage.


HashiCorp Vault SSH CA and Sentinel
In this post, Hashicorp shows how to use, audit, and enforce policies on a SSH certificate authority workflow with Vault.


Dynamic Secrets with Terraform and Vault
This blog post is about how you can avoid any static secrets inside your infrastructure as code using Terraform and Vault’s dynamic secrets, and provides an example of Vault-generated dynamic secrets deployed via Terraform.


Announcing omnibot: a Slack proxy and Slack bot framework
Lyft just announced the initial open source release of omnibot: a Slack proxy, and Slack bot framework. Ultimately, omnibot is a Slack-specialized HTTP proxy. You can point all Slack apps at omnibot for event subscriptions, slash commands, and interactive components. omnibot routes those events to configured callbacks, whether the callbacks are within omnibot, or in another backend service.


Security release of Envoy 1.12.2 is now available
EnvoyProxy v1.12.2 has been released to address 3 vulnerabilities: 1 Critical (CVE-2019-18801), and 2 High (CVE-1019-18802, CVE-1019-18838). Update if you are impacted.

From the cloud providers


AWS Icon  How to get specific security information about AWS services
More than 70 AWS services now have a dedicated “security” chapter in their documentation. See the full list!


GCP Icon  Performing forensics on your GKE environment
Google recently published some guidance on how to collect and analyze forensic data in GKE, and how best to investigate and respond to an incident.

Website
Twitter
Buy me a coffee
View this email in your browser Copyright © 2019-present The Cloud Security Reading List.