A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

The Beautiful Law of Demeter (DZone DevOps Zone, Nov 06 2017)
We all know, and I hope that we try, to apply the “rules” of Object Oriented Programming when we code. We want our code to be properly encapsulated, loosely coupled, robust, and reusable, and our application to be more scalable and maintainable. But all of those rules are a bit too abstract to apply them directly, and the decision on how to apply them is often led by our experience and intuition.

Misconfigured Amazon S3 Buckets Expose Users, Companies to Stealthy MitM Attacks (BleepingComputer, Nov 08 2017)
Hackers can exploit exposed Amazon S3 buckets to carry out silent Man-in-the-Middle attacks or other hacks on a company’s customers or internal staff.

New Amazon S3 Encryption & Security Features (AWS News Blog, Nov 06 2017)
AWS added five new encryption and security features to S3: Default Encryption, Permission Checks, Cross-Region Replication ACL Overwrite, Cross-Region Replication with KMS, and a Detailed Inventory Report.




Detecting in-memory attacks with Sysmon and Azure Security Center (Microsoft Azure Blog, Nov 02 2017)
In-memory attacks are on the rise and attracting increasing attention. In this post, Microsoft describes two in-memory attack techniques and shows how they can be detected using Sysmon and Azure Security Center.

Is Kubernetes Now Bigger Than Docker? (Container Journal, Nov 08 2017)
Docker made containers famous. That can be easy to forget, however, because Kubernetes has now become the talk of the town—which is a big change from a few years ago, when Docker dominated the conversation.

Build an ultra-secure Microsoft Exchange Server (CSO Online, Nov 02 2017)
Yes, it’s possible to do a Microsoft Exchange Server deployment that is secure enough for all but the most sensitive information. Here’s how to do it.

DNSSEC now available in Cloud DNS (Google Cloud Platform Blog, Nov 07 2017)
Google is adding DNSSEC support (beta) to the fully managed Google Cloud DNS service. Now you and your users can take advantage of the protection provided by DNSSEC without having to maintain it once it’s set up.

Now You Can Monitor DDoS Attack Trends with AWS Shield Advanced (AWS Security Blog, Nov 01 2017)
AWS Shield Advanced has always notified you about DDoS attacks on your applications via the AWS Management Console and API as well as Amazon CloudWatch metrics. Now, they’ve added the global threat environment dashboard to AWS Shield Advanced to allow you to view trends and metrics about DDoS attacks across Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53.

Building a Services and IoT Platform with DevOps, Part 3 (DevOps.com, Nov 06 2017)
Some of the DevOps best practices to adopt during IoT development, enabling faster time to market.

Distil Networks Announces New JavaScript Deployment Option (Distil Networks, Nov 08 2017)
The new method completes the Distil Anywhere Architecture, giving enterprises the ability to block bots via a Secure CDN, in the Data Center, on AWS, on their own infrastructure, and/or via JavaScript integration.

Kromtech Security Center Releases S3 Inspector for Amazon S3 Users (MacKeeper, Nov 08 2017)
Kromtech Security Center Releases Tool to Identify and Prevent Data Leaks for Amazon S3 Users