by threatmodeler1 | Aug 12, 2020 | AWS, Cloud security, Cloud Threat Modeling, Compensating Controls, Risk Management, Security
It’s no secret that Amazon Web Services (AWS) helps to run a wide swath of the web’s most popular websites, services, and applications. However, the rise of cloud services has not gone unnoticed by hackers, who have broadened their scope from traditional...
by threatmodeler1 | Jun 23, 2020 | AWS, Cloud security, Cloud Threat Modeling, DevSecOps
While much of the tech world is adopting the private cloud for the added security and scalability, today’s developers typically rely on its public, less secure cousin. The reason is simple: it’s way cheaper. “Private” cloud infrastructure requires providers to assign...
by threatmodeler1 | Feb 18, 2020 | API Security, Cloud security, Cloud Threat Modeling, DevOps, Security
In 2014, Google released Kubernetes, a platform that leverages containerization to run services and applications. Google has since turned Kubernetes into an open source project titled the Cloud Native Computing Foundation. Kubernetes is capable of provisioning and...
by threatmodeler1 | Feb 12, 2020 | API Security, Cloud security, Cloud Threat Modeling, DevOps, Enterprise DevSecOps
Within computer systems engineering, software development lifecycle (SDLC) has been a solid way to create high quality software that meets user requirements. SDLC phases are designed to be agile, iterative and chronological, clearly defined in plan, design, build,...
by threatmodeler1 | Dec 16, 2019 | CISO, Cloud security, Cloud Threat Modeling, Security, Threat Models
The previous installment in our series on the collateral damage, which a data breach can wreak upon individuals, we considered the profound possibilities of a credit card data breach. This article reviews the potential damages that can occur with a social profile...
by threatmodeler1 | Dec 5, 2019 | API Security, AWS, Cloud security, Cloud Threat Modeling, DevSecOps, Security
Amazon S3 is the leading and most efficient file storage service offered in the market. S3 is a simple storage service where you can store any kind of content, e.g. HTML web pages or financial data records. Whatever you store in an S3 bucket is comprised of data. Even...