A Review of the Best News of the Week on Cloud Security, DevOps, AppSec


Attack Uses Docker Containers To Hide, Persist, Plant Malware (Threatpost, Jul 27 2017)
Abuse of the Docker API allows remote code execution on a targeted system, which enables hackers to escalate and persist thanks to novel attacks called Host Rebinding Attack and Shadow Containers…

How to Secure AWS Deployments with SecureSphere WAF (Imperva Blog, Jul 27 2017)
This post explains the steps needed to deploy a SecureSphere WAF to protect an existing AWS-based web environment. Imperva also provides a quick-start deployment CloudFormation template which could be useful as a reference for automating the deployment process…

Cloud Security Mythbusters – Debunking the Top 5 Cloud Security Myths (Portnox, Jul 27 2017)
Whether you’re a fan of digital transformation or not, there’s no denying that the shift to the cloud is engulfing enterprise IT. …

How to Better Structure AWS S3 Security (Varonis Blog, Jul 26 2017)
If the new IT intern suggests that you install a publicly accessible web server on your core file server – you might suggest that they be fired. If they give up on that, but instead decide to dump the reports issuing from your highly sensitive data warehouse jobs to your webserver – they’d definitely be fired. But things aren’t always so clear in the brave new world of the cloud – where services like Amazon’s…

New: Server-Side Encryption for Amazon Kinesis Streams (AWS Blog, Jul 18 2017)
In this age of smart homes, big data, IoT devices, mobile phones, social networks, chatbots, and game consoles, streaming data scenarios are everywhere. Amazon Kinesis Streams enables you to build custom applications that can capture, process, analyze, and store terabytes of data per hour from thousands of streaming data sources. Since Amazon Kinesis Streams allows…

SIGGRAPH 2017: Microsoft Azure enables Secure Rendering with services and certs (Microsoft Azure Blog, Jul 31 2017)
At SIGGRAPH 2017 in Los Angeles, CA this week, Microsoft is demoing the latest in Azure-based rendering services and partner solutions, as well as showcasing a new security guide on safely bursting to the cloud for massive production scale. …

Container security: How Waratek blocks Java exploits (CSO Online Application Security, Jul 31 2017)
In general, container cybersecurity works by creating a virtual machine to host a protected application and then restricting what it can do to reach out of that container. Because of its reliance on virtual machines, containerization only recently became popular because of cloud computing, which also relies heavily on virtualization….

Move the Needle in DevOps with Continuous Testing (Blogs – DevOps.com, Jul 31 2017)
Shift-left testing, risk-based testing, early testing and technical debt reduction are all predicted to be some of the most sought-after trends in the product development life cycle. All of these can be achieved with continuous testing through DevOps, as it emphasizes quicker transitioning of quality products to the production environment at a reduced business risk. …

Vor Security Brings OSS Index to Sonatype (DZone DevOps Zone, Jul 28 2017)
Our data research team is always on the lookout for ways to expand Nexus Lifecycle’s coverage with new sources and feeds of data. A little under a year ago, we stumbled across OSS Index.
Initially, we were intrigued by the coverage into ecosystems we had not yet fully researched. However, as we opened up a dialog and engaged in a formal relationship with Ken Duck, founder and CEO of Vor Security, the company behind OSS Index, it became apparent that this was not just another run-of-the-mill data aggregation feed….

Is the Cloud Moving Too Fast for Security? (Cloud Security Alliance Blog, Jul 28 2017)
As more businesses move to the cloud and as cloud services continue to grow, organizations must establish a unified set of cloud security and governance controls for business-critical SaaS applications and IaaS resources. …

Checkmarx Acquires Codebashing to Redefine Secure Coding Education (DevOps.com, Jul 27 2017)
Checkmarx announced its acquisition of Codebashing, an application security education company that delivers Game-like AppSec Training for Developers….