A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
HackerOne Reveals Top 10 Bug-Bounty Programs (Dark Reading, Jun 29 2020)
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
Chinese bank requires foreign firm to install app with covert backdoor (Ars Technica, Jun 26 2020)
A multinational tech company gets schooled in the risks of doing business in China.
What is a cyber range and how do you build one on AWS? (AWS Security Blog, Jun 24 2020)
“In this post, we provide advice on how you can build a current cyber range using AWS services.
Conducting security incident simulations is a valuable exercise for organizations. As described in the AWS Security Incident Response Guide, security incident response simulations (SIRS) are useful tools to improve how an organization handles security events. These simulations can be tabletop sessions, individualized labs, or full team exercises conducted using a cyber range.
A cyber range is an isolated virtual environment used by security engineers, researchers, and enthusiasts to practice their craft and experiment with new techniques. Traditionally, these ranges were developed on premises, but on-prem ranges can be expensive to build and maintain (and do not reflect the new realities of cloud architectures).”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Back to Basics with Cloud Permissions Management (Dark Reading, Jun 23 2020)
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Deploying the Best of Both Worlds: Data Orchestration for Hybrid Cloud (eWEEK, Jun 26 2020)
The cloud now easily eclipses most on-prem environments in all the major categories: speed, cost, ease of use, maintenance, scalability. But there are barriers to entry, or at least pathways that should be navigated carefully while making the move.
Sony Launches PlayStation Bug Bounty Program on HackerOne (SecurityWeek, Jun 25 2020)
Sony this week announced the launch of a public PlayStation bug bounty program in partnership with hacker-sourced vulnerability hunting platform HackerOne.