Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.03.25
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Every presidential campaign website has suspicious 3rd-party code (SC Media, Mar 25 2020) An analysis of 11 presidential campaign websites performed last September and again in December found multiple instances of potentially risky third-party code, unwanted code execution and unauthorized data […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.03.18
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Intel Security Gap Hard to Exploit Without Physical Data Center Access (IT Pro, Mar 12 2020) Security researchers say the flaw is “unfixable,” but attackers would need to get inside your data center to use it. The DevOps Sweet Spot: Inserting […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.03.11
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1) (DevOps, Mar 11 2020) While it’s true that security scans may be automatically started, they still finish in siloed processes that don’t keep up with the pace of releases. We […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.03.04
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Let’s Encrypt will revoke 3m+ TLS/SSL certificates (Help Net Security, Mar 04 2020) Starting with 20:00 UTC (3:00pm US EST), today (March 4), the non-profit certificate authority Let’s Encrypt will begin it’s effort to revoke a little over 3 million TLS/SSL […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.02.26
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec All About SASE: What It Is, Why It’s Here, How to Use It (Dark Reading, Feb 22 2020) Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments. Google Cloud […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.02.19
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Your Cloud Journeys is Unique, but Not Unknown (Securosis Blog, Feb 18 2020) “This is the first post in a new series, our “Network Operations and Security Professionals’ Guide to Managing Public Cloud Journeys”, which we will release as a white […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.02.12
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Facebook’s Bug Bounty Caught a Data-Stealing Spree (Wired, Feb 07 2020) A few months ago, the company disclosed that apps were siphoning data from up to 9.5 million of its users. It only found out thanks to a bug bounty submission…In […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.02.05
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How industries are evolving their DevOps & security (Help Net Security, Jan 30 2020) There’s significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet’s report based on nearly 3,000 […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.01.29
NSA Offers Guidance on Mitigating Cloud Flaws (Dark Reading, Jan 23 2020) A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources. Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks (ZDNet, Jan 27 2020) Mozilla’s security staff is cracking down on malicious […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.01.22
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec What You Need to Know: AWS Monitoring, Logging, & Alerting (DisruptOps, Jan 19 2020) “The inspiration for this post is actually a series of misunderstandings I had myself on how things worked, despite years of aws security experience and testing. Largely […]