Cloud Security · DevSecOps · Security

Misconfigured AWS S3 Buckets Still Rising

I run this search periodically and I watch the climbing numbers of results with alarm. I ran it just now and it returned 143,000 results, up nearly 50% from a year ago. At this point, I believe that it's incumbent on AWS to do something to stop spamming my data across the interwebz. The problem…

Cloud Security · DevSecOps · Security

Misconfigured AWS S3 Buckets on the Rise

If you have been following for any length of time, you know that I have been blogging about Shadow IT and the security risks it poses in terms of both data leakage and outright breaches. Leaving your IT infrastructure in the hands of the uninitiated who just happen to have a procurement card is arguably…

DevSecOps · Security

Why SQL Injection is Inexcusable

I found this awesome infographic from Akamai and I wanted to talk about it a bit because, while the infographic itself is awesome, what it represents is the terrible truth behind the point I keep making about DevSecOps. More than 148 million SQL injection attacks… Why? Well, in short, because they work but they only…

DevSecOps · Security · Soapbox

DevSecOps is Critical

While explaining the difference between DevOps and DevSecOps to one of my colleagues, I came across an interesting set of Google search results. When I google for ‘misconfigured AWS S3 bucket data breach’, I get 81,000+ results. 7 million Indian financial records exposed, 128 million US household records exposed, UK…

DevSecOps · Security

Twitter Hack of Obama, Musk, Others Started on Slack

The New York Times is reporting that the recent hack of high-profile Twitter accounts started with unauthorized users gaining access to a Slack channel where the credentials to log in to the back-end Twitter systems were posted. So Twitter employees are sharing credentials. It's not clear, at that moment anyway, how the malicious…