Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.12.06
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec A Closer Look: OWASP Top 10 2017 – AppSec Risks (Checkmarx, Dec 06 2017) Open Web Application Security Project (OWASP) is an organization filled with security experts from around the world who provide information about applications and the risks posed, in […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.11.29
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec The Future of SecOps: Regaining Balance (Securosis Blog, Nov 27 2017) Instead of having “expensive staff focused on rote and tedious functions,” the “valuable, constrained, and usually highly skilled humans [should be] doing what humans are good at, such as: -identifying […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.11.22
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Final Version of 2017 OWASP Top 10 Released (SecurityWeek, Nov 21 2017) The final version of the 2017 OWASP Top 10 was released on Monday. Cross-site request forgery (CSRF) has been removed from the OWASP Top 10 as modern development frameworks […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.11.15
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Thwarting the Tactics of the Equifax Attackers (Cloudflare Blog, Nov 13 2017) We are now 3 months on from one of the biggest, most significant data breaches in history, but has it redefined people’s awareness on security? The answer to that […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.11.08
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec The Beautiful Law of Demeter (DZone DevOps Zone, Nov 06 2017) We all know, and I hope that we try, to apply the “rules” of Object Oriented Programming when we code. We want our code to be properly encapsulated, loosely coupled, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.11.01
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Using Machine Learning to Connect the Dots in Container Security (Container Journal, Oct 31 2017) There is often an inverse relationship in which the more powerful, useful or convenient a technology is for the end user, the larger the risk it […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.10.25
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Is security on the verge of a fuzzing breakthrough? (Naked Security – Sophos, Oct 18 2017) Smart, efficient fuzzing could give every developer the opportunity to find bugs efficiently, during development The Full List of the Security, Compliance, and Identity Sessions, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.10.18
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec What You Should Know About the ‘KRACK’ WiFi Security Weakness (Krebs on Security, Oct 16 2017) Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.10.11
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How to Automatically Revert and Receive Notifications About Changes to Your Amazon VPC Security Groups (AWS Security Blog, Oct 11 2017) An AWS example of a responsive control, which you can use to automatically respond to a detected security event by […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2017.10.04
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec HP Shared ArcSight Source Code with Russians (Schneier on Security, Oct 04 2017) Reuters is reporting that HP Enterprise gave the Russians a copy of the ArcSight source code. The article highlights that ArcSight is used by the Pentagon to protect […]