 
DevSecOps Weekly Newsletter, Zeno. Curated DevSecOps news, tutorials, tools and more!
 
Last week's must-read news and stories from the DevSecOps community
 
 
 
 
Hey there,

We would like to know how your experience with FAUN has been so far. Is there anything we can do better for you? We truly appreciate every FAUNer's opinion!

🔗 So share your testimonial and support FAUN.

❤️ To thank you, we will link to your website or a social media profile of your choice on faun.dev.
 
 

 
🐾 From FAUNers
 
faun.dev
 
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
 
 
Fuzzing is the process or technique of sending multiple requests to a target website within a certain time interval. In other words, it is similar to brute force. Read more about fuzzing tools such as wfuzz and ffuf.

By @tutorialboy24
 
 
 
 
 
🔗 From the web
 
towardsaws.com
 
AWS security assessment: what scanners are missing and how threat modeling may help you?
 
 
There are many tools available today that are designed to automate security checks. But some people rely too much on tools, as if conducting an AWS security assessment were the same as formatting the scanner’s output into a fancy-looking report.

This blog post focuses on what scanners are missing and why tools cannot fully replace the assessor.
 
 
boostsecurity.io
 
SLSA dip — At the Source of the problem!   ✅
 
 
This article is part of a series about the security of the software supply chain. Each article will be analyzing a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
 
 
medium.com

How to implement DevSecOps in a Kubernetes cluster environment - GitHub Actions and Azure DevOps


Using Kube-bench (which checks whether Kubernetes is deployed securely) and Kubescape (an open source tool that includes risk analysis, security compliance, an RBAC visualizer, and image vulnerability scanning) integrated in GitHub Actions.
 
 
www.mitiga.io
 
How Mitiga Found PII in Exposed Amazon RDS Snapshots
 
 
A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
 
 
infosec.rodeo
 
AWS IAM Roles, a tale of unnecessary complexity
 
 
IAM was designed to manage authentication and authorization in a single AWS account. As adoption of the cloud grew, organizations started to identify the need for using multiple AWS accounts.

Instead of refactoring the architecture, AWS did what AWS does best - it built a new service.
 
 

 
 
📺 Quick Hits
 
 
Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials.
 
 
Fall 2022 SOC reports are now available with 154 services in scope. Customers can download the Fall 2022 SOC reports through AWS Artifact in the AWS Management Console. 
 
 
Cloud-native application security provider Apiiro announced that it has raised $100 million in Series B funding. To date, the company has raised $135 million.
 
 
A newly disclosed vulnerability in Microsoft Corp.’s Azure Cosmos DB was found to open the door to an attacker without needing authentication under certain conditions.
 
 
🎦 Videos
 
www.youtube.com
 
Exploiting Github to Mine Crypto   ✅
 
 
 
 
www.youtube.com
 
97 Things Every Cloud Engineer Should Know
 
 
Migrating to the cloud has become a "sine qua non" these days. The compact articles in 97 Things Every Cloud Engineer Should Know inspect the entirety of cloud computing, including fundamentals, architecture and migration.
 
 

 
📚 Book picks
 
www.amazon.com
 
Multi-Cloud Strategy for Cloud Architects
 
 
Learn how to adopt and manage public clouds by leveraging BaseOps, FinOps, and DevSecOps.
 
 
 
⚙️ Tools
 
github.com

RaduLupan/aws-secops


Collection of scripts for performing security operations in AWS
 
 
github.com
 
Patrowl/PatrowlHears
 
 
PatrowlHears - Vulnerability Intelligence Center / Exploits
 
 
github.com
 
deepfence/ThreatMapper
 
 
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
 
 
github.com
 
deepfence/PacketStreamer
 
 
Distributed tcpdump for cloud native environments
 
 
❤️ Thanks for reading
 
 

ℹ️ Have a question or feedback?
Feel free to reach out to us at community@faun.dev. We'd love to hear from you!

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.