A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Defense in depth using AWS Managed Rules for AWS WAF (part 1) (AWS Blog, Sep 02 2020)
The post is in two parts. This first part describes AWS Managed Rules for AWS WAF and how it can be used to provide defense in depth. The second part shows how to apply AWS Managed Rules for WAF.

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2) (AWS Blog, Sep 02 2020)
“In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications.”

Oracle loses $10B JEDI cloud contract appeal yet again (TechCrunch, Sep 03 2020)
It’s worth noting that for all its complaints that the deal favored Amazon, Microsoft actually won the bid. Even with that determination, the deal remains tied up in litigation as Amazon has filed multiple complaints, alleging that the president interfered with the deal and that they should have won on merit.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature (AWS Security Blog, Sep 04 2020)
The AWS Security team has made it easier for you to find information and guidance on best practices for your cloud architecture. We’re pleased to share the Best Practices for Security, Identity, & Compliance webpage of the new AWS Architecture Center. Here you’ll find top recommendations for security design principles, workshops, and educational materials, and you can browse our full catalog of self-service content including blogs, whitepapers, videos, trainings, reference implementations, and more.

Google Cloud Expands Confidential Computing Lineup (Dark Reading, Sep 08 2020)
Google plans to build out its Confidential Computing portfolio with the launch of Confidential GKE Nodes for Kubernetes workloads.

Developer Security Firm Snyk Raises $200 Million at $2.6 Billion Valuation (SecurityWeek, Sep 09 2020)
Boston-based developer security company Snyk on Wednesday announced that it has raised $200 million in a Series D funding round, valuing the firm at more than $2.6 billion.

Shifting Left With DevSecOps: ESG Report Exposes Difficulties (DevOps, Sep 09 2020)
A recent report asks the tough questions about DevSecOps adoption, and the results are surprising. In a world of increasing development velocity, companies are placing more responsibility on developers to enact quick deployments. Naturally, security is “shifting left” as well. Theoretically, DevSecOps sounds great, but it opens up many questions.

Webmaster Portal Leaks 63 Million Records (Infosecurity Magazine, Sep 08 2020)
Digital Point snafu raises prospect of domain hijacking

Researcher Details Google Maps Vulnerability That Earned Him $10,000 (SecurityWeek, Sep 09 2020)
A researcher has disclosed the details of a cross-site scripting (XSS) vulnerability in Google Maps that earned him $10,000.

Tesla Can Tell If You Hacked Your Car (VICE, Sep 09 2020)
Third-party sellers are trying to help drivers circumvent software paywalls Tesla uses to limit vehicle hardware.