This week's articles
Mapping the Attack Surface from the Inside
Mercari shares its experience building a system to map the company's attack surface, discussing the difference between internal and external perspectives as well as the pitfalls of relying on IaC.
#defend
#strategy
Repo Jacking: The Great Source-code Swindle
Snyk's research into Repo Jacking shows that the current measures provided by SCM providers are not always sufficient, and that abusing the way certain providers handle renaming organizations can result in significant problems for third-party ecosystems that rely upon SCM-hosted artifacts.
#attack
#ci/cd
Azure Run Command Forensics
A forensic analysis of Azure Run Command activities, focusing on how to detect and investigate potential misuse.
#azure
#monitor