Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.02.14
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec A secure web is here to stay (Google Online Security Blog, Feb 08 2018) Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”. The JavaScript Supply Chain Paradox: SRI, CSP and […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.02.07
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Identify Risk in Open Source Components (WhiteHat Security, Feb 01 2018) An estimated 90 percent of your code is from open source and third-party libraries. How are you verifying that you have the latest version? GitLab Acquires Gemnasium to Advance DevSecOps […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.01.31
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Microsoft issues patch to disable Intel’s buggy Spectre update (SC Magazine, Jan 29 2018) Intel told customers last week not to implement its patches after reports that they prompted computers to reboot spontaneously. How Containers & Serverless Computing Transform Attacker Methodologies […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.01.24
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Mudge & Rating software security Consumer Reports-style (CSO Online, Jan 18 2018) Founded by l0pht hacker and former head of cybersecurity research at DARPA Peiter “Mudge” Zatko, and bankrolled with seed funding from the US Air Force, the Cyber Independent Testing […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.01.17
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Visualizing Meltdown on AWS (AppOptics Blog, Jan 16 2018) One January 3, 2018, the Meltdown and Spectre CPU architecture flaws were announced to the world. Due to early leaks, the announcement was made roughly a week earlier than planned. These bugs […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.01.10
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec The Meltdown/Spectre Bugs for a Non-Technical Audience (Cloudflare, Jan 09 2018) Last week the news of two significant computer bugs was announced. They’ve been dubbed Meltdown and Spectre. Here’s what you need to know. How Cloud Security Managers Should Respond to […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.01.03
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How AV Software Can Be Turned Into a Tool for Spying (NY Times, Jan 02 2018) Government officials warn that software from Kaspersky Lab could be subverted by Russian intelligence. A security researcher shows how it could be done. The Most […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.12.27
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Do COBOL Applications Have a Future? (DevOps Zone, Dec 21 2017) For IT shops reliant on multi-decade back office (COBOL) applications, this concern is very valid. Understanding core logic is fundamental to transforming any business application to support new digital requirements. […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.12.20
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Why crypto is much harder than engineers think (Help Net Security, Dec 19 2017) Researchers analyzed the statistical properties of public keys (from a large sample of Estonian public keys). They found that the keys were not truly random, as they […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.12.13
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec What I learned from doing 1000 code reviews (Hacker Noon, Dec 11 2017) After reviewing tens of thousands of lines of code, I noticed certain suggestions kept coming up over and over again, here are the top 3. Securing communications between […]