Security For Package Maintainers
- Seth Michael Larson tl;dr: Seth discusses the steps he's taken to ensure that the packages he's developed, notably urllib3, are secure. "I hope that some of the knowledge I've gained along the way can help you secure your own packages as well as inspiring some adversarial security-minded thinking." featured in #296
SOC 2 and ISO 27001: Why Both is Better
tl;dr: Managing cybersecurity is rough these days. As a scaling business, you've likely been asked to prove your security posture -- and for good reason. More organizations are getting both SOC 2 and ISO 27001 compliant in order to expand their business potential and alleviate security concerns. Learn how this strategy can benefit your business and why it isn't as hard as it might sound. featured in #294
DevSecOps Maturity Model White Paper
tl;dr: A blueprint for assessing and advancing your organization’s DevSecOps practices to detect vulnerabilities and deliver digital services with more confidence. featured in #293
Top 10 Hacks Of The Past Decade
tl;dr: This tech paper takes a look at 10 of those hacks, and how Teleport could've mitigated the damage. Teleport was designed around best practices, making it more resilient to such types of threats. featured in #290
Take Our State of Startup Security Survey
tl;dr: Are you a manager or decision maker in your organization? We want to hear from you! Take our first annual State of Startup Security Survey and (anonymously) share how your organization prioritizes security, what your scaling looks like, and how you unblock startup challenges. featured in #288
10 Unknown Security Pitfalls For Python
- Dennis Brinkrolf tl;dr: “We chose pitfalls that we believe are less known in the developer community:” (1) All assert statements are ignored when code is optimised. (2) MakeDirs permissions. (3) Absolute path joins, and more. featured in #288
5 Best Practices For Securing SSH In 2022
- Catherine Blake tl;dr: From changing the SSH default options to using a bastion host, this is a good reminder of how to boost the security of your infrastructure. featured in #286
DevSecOps Maturity Model White Paper
tl;dr: A blueprint for assessing and advancing your organization’s DevSecOps practices to detect vulnerabilities and deliver digital services with more confidence. featured in #281
5 Tips for Evaluating SOC 2 Security Monitoring Platforms
tl;dr: If you're needing to get SOC 2 certified, you're likely looking for the fastest and easiest platform to get it done. Let's be honest, it isn't fun (and usually not fast or easy either). It helps to know what to look for in a security monitoring platform so that you can avoid any unexpected hiccups. Here are the top 5 things to pay attention to in your evaluation process. featured in #277
The Internet Is Held Together With Spit & Baling Wire
- Brian Krebs tl;dr: "Collectively, the information voluntarily submitted to the IRRs (Internet Routing Registries) forms a distributed database of Internet routing instructions that helps connect a vast array of individual networks." Brian illustrates how IRRs can be spoofed - by a simple email - to remove or alter routing entries for multiple e-commerce providers, banks and telecommunications companies at the same time. featured in #272