security
How to mitigate OWASP vulnerabilities while staying in the flow | The GitHu
https://github.blog/2022-11-04-how-to-mitigate-owasp-vulnerabilities-while-staying-in-the-flow/
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities
Added 1 month ago
Free: Dastardly from Burp Suite | Blog - PortSwigger
https://portswigger.net/blog/free-dastardly-from-burp-suite
Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite. Secure web development ain't easy. Ensuring your code is written sec
Added 1 month ago
Launch HN: Idemeum (YC S21) – Passwordless access to apps and infrastructur
https://news.ycombinator.com/item?id=33346183
Added 1 month ago
Libre Tools from the National Cybersecurity Competence Center of Luxembourg
https://opensource.nc3.lu
Added 1 month ago
Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
https://news.ycombinator.com/item?id=32963636
Added 1 month ago
aurae-runtime/aurae: Distributed systems runtime daemon written in Rust.
https://github.com/aurae-runtime/aurae
Distributed systems runtime daemon written in Rust. - aurae-runtime/aurae
Added 1 month ago
GitHub Actions Security Best Practices [cheat sheet included]
https://blog.gitguardian.com/github-actions-security-cheat-sheet/
Learn how to secure your GitHub Actions with these best practices! From controlling credentials to using specific action version tags, this cheat sheet will help you protect against supply-chain attacks. Don't let a malicious actor inject code into your repository - read now!
Added 1 month ago
Thread by @bettersafetynet on Thread Reader App – Thread Reader App
https://threadreaderapp.com/thread/1496496087741480960.html
@bettersafetynet: I've had 3 calls so far today (it's not even 10) about defending against Russian cyber ops. I'm tired of having the same call... so... here's what I've told everyone. This is the playbook you...…
Added 1 month ago
https://github.com/awslabs/aws-cloudsaga
AWS CloudSaga - Simulate security events in AWS. Contribute to awslabs/aws-cloudsaga development by creating an account on GitHub.
Added 1 month ago
https://aws.amazon.com/blogs/security/how-to-build-a-multi-region-aws-security-hub-analytic-pipeline/?sc_channel=sm&sc_campaign=AWSSecurity_Blog&sc_publisher=TWITTER&sc_country=Security&sc_geo=GLOBAL&sc_outcome=awareness&trk=AWSSecurity_Blog_TWITTER&s=09
AWS Security Hub is a service that gives you aggregated visibility into your security and compliance posture across multiple Amazon Web Services (AWS) accounts. By joining Security Hub with Amazon QuickSight—a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud—your senior leaders and decision-makers can use dashboards to empower data-driven decisions […]
Added 1 month ago
Continuous Security: The Next Evolution of CI/CD - DevOps.com
https://devops.com/continuous-security-the-next-evolution-of-ci-cd/
With end-to-end integration into the SDLC, continuous security supports CI/CD to improve productivity, speed time-to-market and reduce risks.
Added 1 month ago
prowler-cloud/prowler
https://github.com/prowler-cloud/prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more - prowler-cloud/prowler
Added 1 month ago
SSH Bastion Host Best Practices
https://goteleport.com/blog/security-hardening-ssh-bastion-best-practices/
Added 1 month ago
Federate Kubernetes with AWS IAM using OIDC · reecetech
https://reece.tech/posts/oidc-k8s-to-aws/
Added 1 month ago
Container security best practices: Ultimate guide - Sysdig
https://sysdig.com/blog/container-security-best-practices/
Sticking to container security best practices is critical for successfully delivering secure software.
Added 1 month ago
Headscale: Open-source implementation of the Tailscale control server
https://news.ycombinator.com/item?id=28572013
Added 1 month ago
https://www.ncsc.gov.uk/blog-post/zero-trust-1-0?s=09
Zero trust architecture design principles 1.0 launched.
Added 1 month ago
Minimum Viable Secure Product
https://mvsp.dev/mvsp.en/index.html
Minimum Viable Secure Product (MVSP) is a minimum security baseline for enterprise-ready products and services.
Added 1 month ago
GPG-Tui a Terminal User Interface for GnuPG
https://orhun.dev/blog/introducing-gpg-tui/
Added 1 month ago
https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/?sc_channel=sm&sc_campaign=AWSSecurity_Encryption&sc_publisher=TWITTER&sc_country=Security&sc_geo=GLOBAL&sc_outcome=awareness&trk=AWSSecurity_Blog_TWITTER&linkId=119175714&s=09
January 2, 2024: We’ve updated this post to include the new failover Region feature. April 29, 2021: We’ve updated the order of the commands in Step 1. April 23, 2021: We’ve updated the commands in Steps 1 and 5 and in the “Additional Features” section. Using AWS Secrets Manager, you can more securely retrieve secrets […]
Added 1 month ago
https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/?s=09
Added 1 month ago