security
Zero trust architecture design principles 1.0 launched.
Minimum Viable Secure Product (MVSP) is a minimum security baseline for enterprise-ready products and services.
January 2, 2024: We’ve updated this post to include the new failover Region feature. April 29, 2021: We’ve updated the order of the commands in Step 1. April 23, 2021: We’ve updated the commands in Steps 1 and 5 and in the “Additional Features” section. Using AWS Secrets Manager, you can more securely retrieve secrets […]
Purple Knight, built by Semperis, is the top Active Directory security assessment tool today. Identify threats and get prioritized guidance.
Turning Outlook into a keylogger via VBA macros
Explore Boundary product documentation, tutorials, and examples.
Open source alternative to Auth0 / Firebase Auth / AWS Cognito - GitHub - supertokens/supertokens-core: Open source alternative to Auth0 / Firebase Auth / AWS Cognito
In this post, I’ll show you how to build a continuous integration and continuous delivery (CI/CD) pipeline using AWS Developer Tools, as well as Aqua Security‘s open source container vulnerability scanner, Trivy. You’ll build two Docker images, one with vulnerabilities and one without, to learn the capabilities of Trivy and how to send all vulnerability […]
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. In this post, I demonstrate a sample workflow for generating a digital signature within AWS […]
August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Typically, when you protect data in Amazon Simple Storage Service (Amazon S3), you use a combination […]
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™ - authelia/authelia
“What is the easiest way to securely connect tens of thousands of computers, hosted at multiple cloud service providers in dozens of locations around the globe?” If you want our answer, it’s Nebula, but I recommend that you read the rest of this short post before clicking that shiny link. At Slack, we asked ourselves this…
An illustrated guide to explain OAuth and OpenID Connect!
Learn about the problem of sensitive info getting published on version control systems and discover multiple ways to monitor GitHub for secrets.