A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

New research: what sets top-performing DevOps teams apart (Google Cloud Blog, Aug 29 2018)
Key takeaway #4: Don’t be too cautious. Failure in software development is a given, and that can lead DevOps teams to deploy new code less frequently while they do more testing and quality checks.

Who owns application security? (Help Net Security, Aug 23 2018)
In theory, one would hope that the CISO would be the number one answer by far. In reality, the CISO came in fifth place. The top owners of app security were: the CIO/CTO at 26%, Head of Application Development at 21%, and Business Units tying with “no one” at 18%. Surprisingly, CISOs received only 10% of the responses for the application security risk owner. The only choices lower than CISO were Compliance at 5% and Quality Assurance at 1%.

Data from 316 million real-world attacks in AWS and Azure environments (Help Net Security, Aug 23 2018)
tCell found that XSS, SQL injection, automated threats, file path traversal and command injection were the most common types of security attacks. These differ from the 2017 OWASP Top 10 list of web application threats and security flaws. The main reason for this difference is that tCell protects applications running in production in the AWS, Azure and Google cloud environments.

Lacework Raises New Funds To Help Extend Cloud Security Capabilities (eWEEK, Aug 28 2018)
Lacework raises $24 million in a new round of funding, as the cloud security company looks to grow its technology platform.

VMware acquires CloudHealth Technologies for multi-cloud management (TechCrunch, Aug 27 2018)
CloudHealth provides VMware with a crucial multi-cloud management platform that works across AWS, Microsoft Azure and Google Cloud Platform, giving customers a way to manage cloud cost, usage, security and performance from a single interface.

New – Over-the-Air (OTA) Updates for Amazon FreeRTOS (AWS News Blog, Aug 28 2018)
Amazon FreeRTOS is an operating system for the microcontrollers that power connected devices such as appliances, fitness trackers, industrial sensors, smart utility meters, security systems, and the like. Designed for use in small, low-powered devices, Amazon FreeRTOS extends the FreeRTOS kernel with libraries for communication with cloud services such as AWS IoT Core and with more powerful edge devices that are running AWS Greengrass…

Respond to threats faster with Security Center’s Confidence Score (Microsoft Azure Blog, Aug 22 2018)
The Confidence Score ranges from 1 to 100 and represents the confidence that the alert should be investigated. The higher the score, the greater the confidence that the alert indicates true malicious activity.

Embedding Security into the DevOps Toolchain (Dark Reading, Aug 23 2018)
When looking to implement security at the speed of DevOps, one should understand what DevOps teams mean by the “CI/CD pipeline” and what that looks like. (CI refers to continuous integration, and CD refers to continuous delivery.)

An Undiscovered Facebook Bug Made Me Think I Was Hacked (Wired, Aug 24 2018)
The social network erroneously turned extra security protections off—after I had *strengthened* my privacy settings.

Oath Pays Over $1 Million in Bug Bounties (SecurityWeek, Aug 24 2018)
As part of its unified bug bounty program, online publishing giant Oath has paid over $1 million in rewards for verified bugs, the company announced this week.

Bugcrowd announces free training platform (SC Magazine, Aug 27 2018)
The crowdsourced security platform Bugcrowd last week launched a free educational platform for security researchers called Bugcrowd University.

Hackers Breach Cryptocurrency Platform Atlas Quantum (SecurityWeek, Aug 28 2018)
The information of over 260,000 users was stolen after hackers managed to compromise the cryptocurrency investment platform Atlas Quantum.

Half of Alexa Top 1 Million sites now use HTTPS (Help Net Security, Aug 29 2018)
Of the one million most visited websites according to Alexa, 51.8% are actively redirecting to HTTPS. To compare: that percentage was 38.4% only six months ago.

Google created “unnecessary risk” for Fortnite users, claims Epic boss (Naked Security – Sophos, Aug 29 2018)
The nay-sayers were right – releasing the Android version of the mega-successful game Fortnite in a way that bypassed Google’s Play Store was a security risk after all.