The YouTube link for this evenings meetup is at https://youtube.com/watch?v=FkRDNSHkpCc

#OWASP #Ottawa #AppSec #CloudSec

If you could dedicate one sprint to working on any security initiative you wanted, what would you choose? #cybersecurity #cloudsec

#AWS CloudTrail #vulnerability: Undocumented API allows CloudTrail bypass:

#CloudSecurity
#CloudSec

https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass/

Using #AWS? Check out @Frichette_n@twitter.com's article: "Abusing Misconfigured ECR Resource Policies" for examples of possible misconfigurations and how these can be abused:

#CloudSecurity
#CloudSec

https://hackingthe.cloud/aws/exploitation/Misconfigured_Resource-Based_Policies/misconfigured_ecr_resource_policy/

I'm into #devops #devsecops #cloud #cloudsec #appsec #dnd #karaoke #bjj
I'm new to Mastodon.
Anyone have any follow suggestions for me?

We need to talk about cloud security automation. The room for improvement is huge and the current state is really painful.

If you're running a Large Cloud Infrastructure, I want to hear from you! What are your challenges? Your solutions?

https://ldse.substack.com/p/about-cloud-security-and-automation

#cloudsec #automation #securityautomation

SCMagazine: Switching to the cloud gives organizations more flexibility and greater scalability, but perhaps most importantly is automation's ability to help security teams reduce the mean time to remediate (MTTR) vulnerabilities https://bit.ly/3bujnzU #cybersecurity #cloudsec…

The new version of Modron is out!

Modron is #cloudsec at scale. It reports security and compliance findings for large GCP organisations and contains an auto-populated communication framework allowing to filter, aggregate and throttle notifications!

It was released as open-source on github (https://github.com/nianticlabs/modron) last month and the first series of patch has arrived.

Want to know more about modron? Have a look at our README (https://github.com/nianticlabs/modron/blob/main/README.md) or reach out to me!

#pushonfriday #cloudsecurity #GCP #cloud #securityautomation

Are there any #aws #cloudsec tools that analyze SSO permission sets?

Seems like most only support IAM policies.

Excited to see if Mastodon will become the new place for the #InfoSec #appsec #cloudsec communities. I'm afraid to miss out on anything, so here I am :) 👋

@shellguardians Shift left is pushing on overloaded teams even more information about things they don't necessarily understand or have the time to fix. From the few that actually shift left, most just throw over the fence.

Automation must be smarter than this: https://ldurse.gumroad.com/p/about-cloud-security-and-automation
#cloudsec #securityautomation

Today I’m working on curriculum for #CloudSec I’m helping develop and I need to come up with homework assignments for #linux Shell Scripting for a different class. If you had any fave assignments, I’d love to hear about them! 😀

Today I’m working on curriculum for #CloudSec I’m helping develop and I need to come up with homework assignments for #linux Shell Scripting for a different class. If you had any fave assignments, I’d love to hear about them! 😀