Cloud Security · DevSecOps · Security

Misconfigured AWS S3 Buckets on the Rise

If you have been following for any length of time, you know that I have been blogging about Shadow IT and the security risks it poses in terms of both data leakage and outright breaches. Leaving your IT infrastructure in the hands of the uninitiated who just happen to have a procurement card is arguably… Continue reading Misconfigured AWS S3 Buckets on the Rise

DevSecOps · Security

Why SQL Injection is Inexcusable

I found this awesome infographic from Akamai and I wanted to talk about it a bit because while the infographic itself is awesome, what it represents is the terrible truth behind the point I keep making about DevSecOps. More than 148 million SQL injection attacks… Why? Well, in short, because they work but they only… Continue reading Why SQL Injection is Inexcusable

DevSecOps · Security · Soapbox

DevSecOps is Critical

In talking to one of my colleagues and explaining the difference between DevOps and DevSecOps, I came across an interesting set of Google search results. When I google for ‘misconfigured AWS S3 bucket data breach’, I get 81,000+ results. 7 million Indian financial records exposed, 128 million US household records exposed, UK… Continue reading DevSecOps is Critical

DevSecOps · Security

Twitter Hack of Obama, Musk, Others Started on Slack

The New York Times is reporting that the recent hack of high-profile Twitter accounts started by unauthorized users gaining access to a Slack channel where the credentials to log in to the back-end Twitter systems were posted. So Twitter employees are sharing credentials. It's not clear, at that moment anyway, how the malicious… Continue reading Twitter Hack of Obama, Musk, Others Started on Slack