Practical Security for Agile and DevOps, Mark S. Merkow, 2022
Practical Security for Agile and DevOpsis a collection of best practices and effective implementation recommendations that are proven to work. The text leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security that is useful to professionals. It is as much a book for students’ own benefit as it is for the benefit of their academic careers and organizations.
#book #SecDevOps
Practical Security for Agile and DevOpsis a collection of best practices and effective implementation recommendations that are proven to work. The text leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security that is useful to professionals. It is as much a book for students’ own benefit as it is for the benefit of their academic careers and organizations.
#book #SecDevOps
👍5
Practical Security for Agile and DevOps.pdf
10.9 MB
Practical Security for Agile and DevOps, Mark S. Merkow, 2022
👍4
👍4
Simplified Implementation of the Microsoft SDL.pdf
598.3 KB
Simplified Implementation of the Microsoft SDL, Updated November 4, 2010
👍4
Кто каким образом защищает sensitive information в корпоративных репозитариях (GitLab, etc) и системах контроля версий (Git, etc)?
Anonymous Poll
11%
Git crypt (тул)
10%
Git secret (плагин)
3%
Mozilla SOPS (тул)
19%
KMS (любой от free Vault до Cloud KMS)
12%
Все лежит plain text и норм :):)
38%
Я не SecOps, это не моя тема, я не в курсе
7%
Свой вариант (пиши в чат)
🤔9👍1
AllEng - Всем, кто учится
Учебные пособия и тематические ссылки для школьников, студентов и всех, занимающихся самообразованием.
Главная страница
Зеркало + Зеркало 2
Предыдущий пост с подборкой
#education #useful
Учебные пособия и тематические ссылки для школьников, студентов и всех, занимающихся самообразованием.
Главная страница
Зеркало + Зеркало 2
Предыдущий пост с подборкой
#education #useful
👍10❤3
Первыми сломались те, кто верил, что скоро все закончится.
Потом – те, кто не верил, что это когда-то закончится.
Выжили те, кто сфокусировался на своих делах, без ожиданий того, что ещё может случиться.
(с) Виктор Франкл, Австрийский психотерапевт, выживший в нацистском лагере
Топите за свои цели что бы не происходило вокруг! Ваша жизнь - ваша ответственность! Возможности всюду! Всем отличной недели!🤝
#info #great
Потом – те, кто не верил, что это когда-то закончится.
Выжили те, кто сфокусировался на своих делах, без ожиданий того, что ещё может случиться.
(с) Виктор Франкл, Австрийский психотерапевт, выживший в нацистском лагере
Топите за свои цели что бы не происходило вокруг! Ваша жизнь - ваша ответственность! Возможности всюду! Всем отличной недели!🤝
#info #great
👍16❤7
IPv6 Attacks (Active Directory)
DNS Attack or DNS Spoofing its an attack that try to spoof the DNS traffic to allows an attacker to gather very important information about the network. If IPv6 is turned on the attacker can even spoof the DNS traffic for a Domain Admin and with certain tools, create an user with exclusive privileges.
Sometimes a bad practice is to store the password in the field of "denoscription", that kind of issues allows to an attacker to break into the network in an easier way.
#pentest #windows
DNS Attack or DNS Spoofing its an attack that try to spoof the DNS traffic to allows an attacker to gather very important information about the network. If IPv6 is turned on the attacker can even spoof the DNS traffic for a Domain Admin and with certain tools, create an user with exclusive privileges.
Sometimes a bad practice is to store the password in the field of "denoscription", that kind of issues allows to an attacker to break into the network in an easier way.
#pentest #windows
🔥4👍1
Inside the Mind of a Hacker: 2023 Edition
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
#useful
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
#useful
🤔3👍1