Release Date: 19/01/2020 | Issue: 20
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


This week's articles

What I Learned Watching All 44 AppSec Cali 2019 Talks
@clintgibler watched and analyzed every talk from AppSec Cali 2019 and wrote a detailed summary of each one. This post is a great source of information covering DevSecOps, scaling security, threat modeling, building a security program, and more, all from one of the best security conferences currently in the industry.

So you're interested in container security but not sure where to get started?
Here's a YouTube playlist of some great talks for you to get up to speed.

Istio as an Example of When Not to Do Microservices
A micro-services approach may be appropriate when the culmination of an application’s architecture has become a bottleneck (as a result of the various people/process/tech factors) for making changes and "going faster", but it is not the only approach.

How to Monitor the Kubernetes API Server
Learning how to monitor the Kubernetes API server is of vital importance when running Kubernetes in production. Monitoring kube-apiserver lets you detect and troubleshoot latency and errors, and validate that the service performs as expected. This post covers how you can collect the most important metrics from the kube-apiserver and use them to monitor this service.

Elastic Cloud on Kubernetes (ECK) 1.0 is now generally available
Elastic Cloud on Kubernetes (ECK) is now generally available. With ECK, users have a seamless way to deploy, manage, and operate the Elastic Stack on Kubernetes.

Announcing General Availability of CloudSploit for GCP
Aqua Security announced the general availability of CloudSploit for Google Cloud Platform (GCP). This release also includes a Center for Internet Security (CIS) benchmark certification for GCP (more on this in the CSP-related section).

Announcing the Kubernetes bug bounty program
The Kubernetes Product Security Committee is launching a new bug bounty program, funded by the CNCF, to reward researchers finding security vulnerabilities in Kubernetes.

From the cloud providers

AWS: Consistent OIDC authentication across multiple EKS clusters using Kube-OIDC-Proxy
Kube-OIDC-Proxy is an open source reverse proxy that enables OIDC authentication to various backends. In the case of EKS, it can be used for OIDC authentication to multiple EKS clusters using the same user identity given by a third-party provider. This post will explore how Kube-OIDC-Proxy works, how to deploy it into multiple EKS clusters and how to leverage other open source tooling to provide a seamless authentication experience to end users.

GCP: Exploring container security: Announcing the CIS Google Kubernetes Engine Benchmark
Google released a CIS GKE Benchmark (a subset of the Kubernetes Benchmark) that removes what you're not responsible for and is specific to GKE. For the CIS GKE Benchmark, there's Security Health Analytics, a security product that integrates into Security Command Center and that has built-in checks for several CIS GCP and GKE Benchmark items.

Azure: Introducing Microsoft Application Inspector
Microsoft released an open source code analyzer called Microsoft Application Inspector to identify "interesting" features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.