#security (2022-02)
Archive: https://archive.sweetops.com/security/
2022-02-15
hi all, I need some general best practice
when I check cloudformation / terraform config for a s3 bucket
I see this:
Check: CKV_AWS_18: “Ensure the S3 bucket has access logging enabled” FAILED for resource: AWS::Bucket.S3Bucket and Check: CKV_AWS_21: “Ensure the S3 bucket has versioning enabled” FAILED for resource: AWS::Bucket.S3Bucket
Both are valid remarks
but I want some best practice when to enable them because both incur costs
That’s largely a business decision, frequently driven by compliance requirements
2022-02-16
2022-02-22
Hi All Our Managed Kubernetes Clusters: Avoiding risky defaults, K8s threat modeling and securing EKS clusters webinar starts in less than an hour, still time to register
Learn how to navigate the creating of a secure by default K8s cluster, avoid risky default settings and permissions, and listen to some live threat modeling of security EKS clusters. Join Lightspin CISO Jonathan Rau and Director of Security Research Gafnit Amiga to discuss hot topics and tips for leveling up your Kubernetes security knowledge. Questions and topics covered include: - Avoiding risky default settings in your Kubernetes clusters - Creating a secure by default Kubernetes cluster - Unique supply chain risks for Kubernetes Bring your questions and notepads to this live webinar!