Last week's must-read news and stories from the DevSecOps community
Zeno
 
Remarkable posts, stories, tools, tutorials and tips from the DevSecOps community!
 
 
Patrons
 
namecheap.com
 
Get a .COM for just $6.98
 
 
A mighty domain for a mini price. Get your next big domain at Namecheap !
 
 
faun.dev
 
Advertise with FAUN
 
 
Meet developers where they are, not where you want them to be. Fill the form and download our mediakit.
 
 
 
 
 
Hey there,

We would like to know how your experience with FAUN has been so far. Is there anything we can do better for you? We truly appreciate every FAUNer's opinion!

🔗 So share your testimonial and support FAUN.

❤️ To thank you, we will link to your website or a social media profile of your choice on faun.dev.
 
 
From FAUNers 🐾
 
faun.dev
 
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
 
 
Fuzzing is the technique of sending many requests to a target website within a certain time interval; in that sense it is similar to brute force. Read more about tools that support fuzzing, such as wfuzz and Ffuf.

By @tutorialboy24
 
 
👉 Create your FAUN Page if it's not done yet and start sharing your blog posts, news, and tools on FAUN Developer Community, collect badges and more!
 
 
Sponsors
 
nordvpn.sjv.io
 
Best VPN Deal
 
 
NordVPN 68% Black Friday discount is here!

👉 Access anything online without restrictions
👉 Add extra layers of security to your digital life
👉 Get the best online protection tools along with your NordVPN service.
👉 Get 3 months FREE with the 2-year plan
 
 
 
From the web
 
towardsaws.com
 
AWS security assessment: what scanners are missing and how threat modeling may help you?
 
 
There are many tools available today that are designed to automate security checks. But some people rely too much on tools, as if conducting an AWS security assessment were the same as formatting the scanner's output into a fancy-looking report.

This blog post focuses on what scanners are missing and why tools cannot fully replace the assessor.
 
 
boostsecurity.io
 
SLSA dip — At the Source of the problem!   ✅
 
 
This article is part of a series about the security of the software supply chain. Each article will be analyzing a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
 
 
medium.com
 
How to implement DevSecOps in a Kubernetes cluster environment-Github Actions and Azure DevOps
 
 
Using Kube-bench (which checks whether Kubernetes is deployed securely) and Kubescape (an open source tool that includes risk analysis, security compliance, an RBAC visualizer, and image vulnerability scanning), both integrated into Github Actions.
 
 
www.mitiga.io
 
How Mitiga Found PII in Exposed Amazon RDS Snapshots
 
 
A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
 
 
infosec.rodeo
 
AWS IAM Roles, a tale of unnecessary complexity
 
 
IAM was designed to manage authentication and authorization in a single AWS account. As adoption of the cloud grew, organizations started to identify the need for using multiple AWS accounts.

Instead of refactoring the architecture, AWS did what AWS does best - it built a new service.
 
 
 
Supporters
 
internxt.com
 
70% off on the 2TB Internxt Annual Plan
 
 
✅ Encrypted file storage and sharing
✅ Access your files from any device
✅ Get access to all our services

Discount available until December 5th.
 
 
faun.dev
 
Join Humans Behind Code
 
 
👉 If you're a Developer or a maintainer of a widely adopted Open Source project and you think it's worth talking about it and your experiences in building it, join Humans Behind Code and get interviewed and published on faun.dev!
 
 
faun.dev
 
Post Developers Jobs for Free on FAUN
 
 
Reach developers where they are, not where you want them to be.
Post jobs for free and reach thousands of developers.
 
 
 
Quick Hits
 
 
Cloud-native application security provider Apiiro announced that it has raised $100 million in Series B funding. To date, the company has raised $135 million.
 
 
A newly disclosed vulnerability in Microsoft Corp.’s Azure Cosmos DB was found to open the door to an attacker without needing authentication under certain conditions.
 
 
Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials.
 
 
Fall 2022 SOC reports are now available with 154 services in scope. Customers can download the Fall 2022 SOC reports through AWS Artifact in the AWS Management Console. 
 
 
Videos
 
www.youtube.com
 
Exploiting Github to Mine Crypto   ✅
 
 
 
 
www.youtube.com
 
97 Things Every Cloud Engineer Should Know
 
 
Migrating to the cloud has become a "sine qua non" these days. The compact articles in 97 Things Every Cloud Engineer Should Know inspect the entirety of cloud computing, including fundamentals, architecture and migration.
 
 
 
Book picks
 
www.amazon.com
 
Multi-Cloud Strategy for Cloud Architects
 
 
Learn how to adopt and manage public clouds by leveraging BaseOps, FinOps, and DevSecOps.
 
 
 
Tools
 
github.com
 
RaduLupan/aws-secops
 
 
Collection of scripts for performing security operations in AWS
 
 
github.com
 
Patrowl/PatrowlHears
 
 
PatrowlHears - Vulnerability Intelligence Center / Exploits
 
 
github.com
 
deepfence/ThreatMapper
 
 
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
 
 
github.com
 
deepfence/PacketStreamer
 
 
Distributed tcpdump for cloud native environments
 
 
 
Meme of the week
 
 
 

Zeno #348: Exploiting Github to Mine Crypto
Legend: ✅ = editors' choice / ♻️ = Old but gold / ✨ = sponsored / 🔰 = beginner friendly
