DevSecOps Weekly Newsletter, Zeno. Curated DevSecOps news, tutorials, tools and more!
 
Zeno
 
 
⭐ Patrons
 
faun.dev
 
Advertise with FAUN
 
 
Sponsor FAUN and reach developers where they are, not where you want them to be.

Download our mediakit.
 
 

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

 
👨‍💻👩‍💻 Humans Behind Code
 
faun.dev
 
Susa Tünker, Product Manager @ Score: From philosophy to DevOps
 
 
This week in Humans Behind Code, we're happy to have Susa Tünker!

Susa Tünker is the product manager of Score, a developer-centric and platform-agnostic workload specification. It ensures consistent configuration between local and remote environments. And it's open source!

Read the interview to discover more about the Human and the Code!
 
 
👉Are you the developer/founder of an Open Source project? Apply here and get featured on Humans Behind Code.
 
🔗 Stories, Tutorials & Articles
 
www.mitiga.io
 
Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots
 
 
A recent Mitiga Research Team investigation found PII in Amazon RDS snapshots that had been exposed (shared publicly) by their owners. The service itself is not at fault; a snapshot whose restore permission is set to "all" can be copied and restored by any AWS account, and the data inside it is then readable by anyone.
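The check a practitioner would want after reading this: which of my own manual RDS snapshots are restorable by "all"? The following is an added example, not Mitiga's code. The sample attribute results are constructed to mirror the shape returned by the RDS DescribeDBSnapshotAttributes API; the snapshot names and the account ID 123456789012 are placeholders. The live `scan_account()` function assumes boto3 and credentials with rds:DescribeDBSnapshots and rds:DescribeDBSnapshotAttributes; the offline functions need no SDK.

```python
"""Flag Amazon RDS snapshots whose 'restore' attribute is shared with 'all' (public)."""
from typing import Dict, Iterable, List

# Constructed sample modelled on DBSnapshotAttributesResult objects as returned by
# rds.describe_db_snapshot_attributes(). Not real account data.
SAMPLE_ATTRIBUTE_RESULTS = [
    {
        "DBSnapshotIdentifier": "prod-customers-2022-11-20",
        # 'all' in the restore attribute means any AWS account may copy/restore it
        "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}],
    },
    {
        "DBSnapshotIdentifier": "staging-2022-11-21",
        # shared with one specific (placeholder) account: cross-account, but not public
        "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["123456789012"]}],
    },
    {
        "DBSnapshotIdentifier": "dev-2022-11-22",
        # not shared at all
        "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}],
    },
]


def is_public(attr_result: Dict) -> bool:
    """True when the snapshot's 'restore' attribute includes the wildcard 'all'."""
    for attr in attr_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore" and "all" in attr.get("AttributeValues", []):
            return True
    return False


def public_snapshots(attr_results: Iterable[Dict]) -> List[str]:
    """Return the identifiers of every publicly restorable snapshot in the given results."""
    return [r["DBSnapshotIdentifier"] for r in attr_results if is_public(r)]


def scan_account(region_name: str = "us-east-1") -> List[str]:
    """Live variant: enumerate manual snapshots in one region and report the public ones.

    Only manual snapshots can be shared, so automated ones are skipped. Requires boto3
    and credentials allowed to call rds:DescribeDBSnapshots and
    rds:DescribeDBSnapshotAttributes.
    """
    import boto3  # imported lazily so the offline functions above need no AWS SDK

    rds = boto3.client("rds", region_name=region_name)
    results = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            resp = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"]
            )
            results.append(resp["DBSnapshotAttributesResult"])
    return public_snapshots(results)


if __name__ == "__main__":
    # Offline run over the constructed sample; flags only the first snapshot.
    print(public_snapshots(SAMPLE_ATTRIBUTE_RESULTS))
```

Run it per region; RDS snapshots are regional, and a snapshot copied to another region carries its own restore attribute. Remediation is `modify-db-snapshot-attribute --attribute-name restore --values-to-remove all` on each flagged identifier.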
 
 
boostsecurity.io
 
SLSA dip — At the Source of the problem!   ✅
 
 
This article is part of a series about the security of the software supply chain.

Each article analyzes a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
 
 
infosec.rodeo
 
AWS IAM Roles, a tale of unnecessary complexity
 
 
A blog post its author describes as highly opinionated: AWS is great, but its implementation of IAM is unnecessarily complicated.
 
 
towardsaws.com
 
AWS security assessment: what scanners are missing and how threat modeling may help you?
 
 
There are many tools available today that are designed to automate security checks. But some people rely too much on them, as if conducting an AWS security assessment were the same as formatting the scanner's output into a fancy-looking report.

This blog post focuses on what scanners are missing and why tools cannot fully replace the assessor.
 
 
medium.com
 
How to implement DevSecOps in a Kubernetes cluster environment-Github Actions and Azure DevOps
 
 
Using kube-bench, Kubescape and other tools to secure a cluster.
 
 
 
📺 Quick Hits
 
 
AWS fixes a 'confused deputy' vulnerability in AppSync after Datadog security researchers discovered it.
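The Quick Hit above does not describe the AppSync-specific flaw, but the class is well known: a service principal that many customers trust is tricked into acting on one tenant's behalf against another tenant's resources. The customer-side mitigation for that class is to scope every service-principal trust policy with the aws:SourceAccount and/or aws:SourceArn condition keys. Below is an added example (not Datadog's or AWS's code) that audits IAM role trust policies for service principals allowed to assume the role without either key. The two policies are constructed samples; the account ID 123456789012 and the AppSync API ARN are placeholders.

```python
"""Audit IAM role trust policies for confused-deputy exposure.

A trust statement that lets an AWS service principal call sts:AssumeRole without an
aws:SourceAccount or aws:SourceArn condition can be driven by any customer of that
service. This module flags such statements.
"""
import json
from typing import Any, List

# Constructed sample: the weak form, trusting AppSync with no source condition.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "appsync.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
})

# Constructed sample: the hardened form, pinned to one (placeholder) account and API ARN.
HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "appsync.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "123456789012"},
            "ArnLike": {"aws:SourceArn": "arn:aws:appsync:us-east-1:123456789012:apis/*"},
        },
    }],
})

# IAM condition keys are case-insensitive; compare in lower case.
SOURCE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def unscoped_service_principals(policy_json: str) -> List[str]:
    """Return service principals allowed to assume the role without a source condition."""
    policy = json.loads(policy_json)
    flagged: List[str] = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        # Principal may be "*" (a string); only dict principals carry a Service entry.
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if not services:
            continue
        # Collect every condition key across all operators (StringEquals, ArnLike, ...).
        condition_keys = {
            key.lower()
            for operator_block in stmt.get("Condition", {}).values()
            for key in operator_block
        }
        if not condition_keys & SOURCE_KEYS:
            flagged.extend(services)
    return flagged


if __name__ == "__main__":
    print("weak:", unscoped_service_principals(WEAK_TRUST_POLICY))          # flags appsync
    print("hardened:", unscoped_service_principals(HARDENED_TRUST_POLICY))  # nothing flagged
```

To run this against a real account, feed it the `AssumeRolePolicyDocument` of each role returned by iam:ListRoles (it arrives URL-decoded as a dict in boto3; `json.dumps` it first). The check is conservative: it treats any aws:SourceArn or aws:SourceAccount key as scoping and does not validate that the values are tight.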
 
 
Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates.
 
 
Malicious hackers are targeting long-discontinued Boa web servers to compromise energy sector organizations, including India's Tata Power. Microsoft says attackers are hacking energy grids by exploiting decades-old software.
 
 
A new Azure service aimed at protecting smaller businesses from the growing threat of distributed denial-of-service (DDoS) attacks is now in public preview, according to a post by Microsoft.
 
 
⭐ Sponsors
 
trezor.io
 
The most advanced cryptocurrency hardware wallet
 
 
The Trezor Model T is the most advanced cryptocurrency hardware wallet. Easily store and protect your Bitcoin, passwords, tokens, and keys with confidence.

👉 Touchscreen - 1.54'' Color LCD
👉 USB - C included
👉 Manage coins in Trezor Suite
👉 Bitcoin, Litecoin, Ethereum (+all ERC-20), and more
👉 1456 Coins & Tokens
👉 Unlimited hidden wallets
👉 and more features!
 
 
 
⭐ Supporters
 
faun.dev
 
Post Developers Jobs for Free on FAUN
 
 
FAUN's Job Board offers an exceptional platform to connect with skilled developers, DevOps professionals, and software engineers who are eager to contribute to the success of your organization.

Post your job openings on FAUN's Job Board today and watch your talent pool grow.

Get started now .
 
 
faun.dev
 
Join Humans Behind Code
 
 
👉 If you're a Developer or a maintainer of a widely adopted Open Source project and you think it's worth talking about it and your experiences in building it, join Humans Behind Code and get interviewed and published on faun.dev!
 
 
 
🎦 Videos, Talks & Presentations
 
www.youtube.com
 
97 Things Every Cloud Engineer Should Know
 
 
Migrating to the cloud has become a "sine qua non" these days. The compact articles in 97 Things Every Cloud Engineer Should Know inspect the entirety of cloud computing, including fundamentals, architecture and migration.

It covers security and compliance, operations and reliability, and software development, and also examines networking, organizational culture, and more.
 
 
 
📚 Book picks
 
www.amazon.com
 
Multi-Cloud Strategy for Cloud Architects
 
 
Learn how to adopt and manage public clouds by leveraging BaseOps, FinOps, and DevSecOps.

What you will learn:
  • Learn how to choose the right cloud platform via various use cases
  • Understand the concepts associated with multi-cloud, including IaC, SaaS, PaaS, and CaC
  • Use the techniques and tools offered by Azure, AWS, and GCP to integrate security
  • Learn about enterprise architecture, value streams, and well-architected frameworks of Azure, AWS, and GCP
  • Use FinOps to define cost models and create transparency in cloud costs with showback and chargeback
  • Improve security with the DevSecOps maturity model
  • Explore the concepts of AIOps and GreenOps
 
 
 
⚙️ Tools, Apps & Software
 
github.com
 
Patrowl/PatrowlHears
 
 
PatrowlHears - Vulnerability Intelligence Center / Exploits
 
 
github.com
 
deepfence/PacketStreamer
 
 
Distributed tcpdump for cloud native environments
 
 
github.com
 
RaduLupan/aws-secops
 
 
Collection of scripts for performing security operations in AWS
 
 
github.com
 
deepfence/ThreatMapper
 
 
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤔 Did you know?
 
 
The DevSecOps market size is projected to reach USD 41.66 billion by 2030, growing at a CAGR of 30.76% from 2022 to 2030.
 
 
😂 Meme of the week
 
 
 
 
❤️ Thanks for reading
 
 
👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends! You can also donate to help us keep this newsletter going.

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

ℹ️ Have a question or feedback?
Feel free to reply to this email. We'd love to hear from you!

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.
 

Zeno #350: SLSA Dip — At the Source of the Problem!
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.
🐾 FAUN is a world wide community of developers 👣 We help developers learn and grow by keeping them up with what matters.

