This week's articles
Integrating threat modeling with DevOps
#strategy
Reflections on how it is possible to adopt threat modeling more effectively and efficiently, integrating it with modern DevOps methodologies and tools, and focusing on the value provided to all the various actors involved with the Software Development Lifecycle.
threatmodel-for-azure-storage
#azure, #defend
A library of all the attack scenarios on Azure Storage, and how to mitigate them following a risk-based approach.
Restricting cluster-admin Permissions
#defend, #iam, #kubernetes
The cluster-admin ClusterRole gives the user access and permission to perform all operations on all resources in the cluster. What if we need to block an action performed by cluster admins? We can't do it with RBAC alone: it only allows adding permissions, not taking them away.
Tools
nomulus
Top-level domain name registry service on Google App Engine.
secrets-patterns-db
An open-source database for detecting secrets, API keys, passwords, tokens, and more.
Sponsor
Automating your security compliance with Vanta helps you get audit-ready fast. Now, we also have an exclusive program where we'll work closely with a small number of companies to help you get your SOC 2 Type I in just 10 days. A SOC 2 Type I can help you close more deals, hit your revenue targets, and start laying a foundation of security best practices. Due to the white glove support, spots in this program are extremely limited. Complete the form to learn more and see if you qualify.
From the cloud providers
Rapid Vulnerability Detection overview
Rapid Vulnerability Detection, a built-in service of Security Command Center Premium, is a zero-configuration network and web application scanner that actively scans public endpoints to detect vulnerabilities that have a high likelihood of being exploited, such as weak credentials, incomplete software installations, and exposed administrator user interfaces.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco