This week's articles
What I Learned Watching All 44 AppSec Cali 2019 Talks
@clintgibler watched, analyzed, and summarized every talk from AppSec Cali 2019 and wrote detailed summaries for each one of them. This post is a great source of information covering DevSecOps, scaling security, threat modeling, building a security program, & more. All from one of the best security conferences currently in the industry.
Istio as an Example of When Not to Do Microservices
A micro-services approach may be appropriate when the culmination of an application’s architecture has become a bottleneck (as a result of the various people/process/tech factors) for making changes and "going faster", but it is not the only approach.
How to Monitor the Kubernetes API Server
Learning how to monitor the Kubernetes API server is of vital importance when running Kubernetes in production. Monitoring kube-apiserver will let you detect and troubleshoot latency, errors, and validate the service performs as expected. This post covers how you can collect the most important metrics from the kube-apiserver and use them to monitor this service.
Announcing General Availability of CloudSploit for GCP
Aqua Security announced the general availability of CloudSploit for Google Cloud Platform (GCP). This release also includes a Center for Internet Security (CIS) benchmark certification for GCP (more on this in the CSP-related section).