DevSecOps Weekly Newsletter, Zeno. Curated DevSecOps news, tutorials, tools and more!
⭐ Patrons
Get a .COM for just $6.98
A mighty domain for a mini price. Get your next big domain at Namecheap !
Advertise with FAUN
Sponsor FAUN and reach developers where they are, not where you want them to be.

Download our mediakit.
Hey there,

We would like to know how your experience with FAUN has been so far. Is there anything we can do better for you? We truly appreciate every FAUNer's opinion!

🔗 So share your testimonial and support FAUN.

❤️ To thank you, we will link to your website or a social media profile of your choice on
🐾 From FAUNers
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
Fuzzing is the process or technique of sending multiple requests to a target website within a certain time interval. In other words, it is also similar to brute force. Read more about the tools allowing fuzzing, like wfuzz and Ffuf.

By @tutorialboy24
👉 Create your FAUN Page if it's not done yet and start sharing your blog posts, news, and tools on FAUN Developer Community, collect badges and more!
⭐ Sponsors
Best VPN Deal
NordVPN 68% Black Friday discount is here!

👉 Access anything online without restrictions
👉 Add extra layers of security to your digital life
👉 Get the best online protection tools along with your NordVPN service.
👉 Get 3 months FREE with the 2-year plan
🔗 From the web
SLSA dip — At the Source of the problem!   ✅
This article is part of a series about the security of the software supply chain. Each article will be analyzing a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
How Mitiga Found PII in Exposed Amazon RDS Snapshots
A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
How to implement DevSecOps in a Kubernetes cluster environment - GitHub Actions and Azure DevOps
Using kube-bench (checks whether Kubernetes is deployed securely) and Kubescape (an open source tool that includes risk analysis, security compliance, an RBAC visualizer, and image vulnerability scanning), integrated into GitHub Actions.
AWS IAM Roles, a tale of unnecessary complexity
IAM was designed to manage authentication and authorization in a single AWS account. As adoption of the cloud grew, organizations started to identify the need for using multiple AWS accounts.

Instead of refactoring the architecture, AWS did what AWS does best - it built a new service.
AWS security assessment: what scanners are missing and how threat modeling may help you?
There are many tools available today that are designed to automate security checks. But some people rely too much on tools, as if conducting an AWS security assessment were the same as formatting the scanner's output into a fancy-looking report.

This blog post focuses on what scanners are missing and why tools cannot fully replace the assessor.

⭐ Supporters
Post Developers Jobs for Free on FAUN
Reach developers where they are, not where you want them to be.
Post jobs for free and reach thousands of developers.
Join Humans Behind Code
👉 If you're a Developer or a maintainer of a widely adopted Open Source project and you think it's worth talking about it and your experiences in building it, join Humans Behind Code and get interviewed and published on!
70% off on the 2TB Internxt Annual Plan
✅ Encrypted file storage and sharing
✅ Access your files from any device
✅ Get access to all our services

Discount available until December 5th.
📺 Quick Hits
Cloud-native application security provider Apiiro announced that it has raised $100 million in Series B funding. To date, the company has raised $135 million.
A newly disclosed vulnerability in Microsoft Corp.’s Azure Cosmos DB was found to open the door to an attacker without needing authentication under certain conditions.
Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials.
Fall 2022 SOC reports are now available with 154 services in scope. Customers can download the Fall 2022 SOC reports through AWS Artifact in the AWS Management Console.
🎦 Videos
Exploiting Github to Mine Crypto   ✅
97 Things Every Cloud Engineer Should Know
Migrating to the cloud has become a "sine qua non" these days. The compact articles in 97 Things Every Cloud Engineer Should Know inspect the entirety of cloud computing, including fundamentals, architecture and migration.

📚 Book picks
Multi-Cloud Strategy for Cloud Architects
Learn how to adopt and manage public clouds by leveraging BaseOps, FinOps, and DevSecOps.
⚙️ Tools
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
Collection of scripts for performing security operations in AWS
Distributed tcpdump for cloud native environments
PatrowlHears - Vulnerability Intelligence Center / Exploits
👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.
😂 Meme of the week
❤️ Thanks for reading
Zeno #348: Exploiting Github to Mine Crypto
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
