Difference between revisions of "Template:ASW131NewsMikeShema"

From Security Weekly Wiki
(Created page with "===Articles===")
 
 
Line 1: Line 1:
 
===Articles===
 
===Articles===
 +
* [https://www.threatmodelingmanifesto.org/ Threat Modeling Manifesto] encourages more practical modeling with principles to make the results meaningful.
 +
* [https://sean.heelan.io/2020/11/18/phd-thesis-greybox-automatic-exploit-generation-for-heap-overflows-in-language-interpreters/ Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters] encourages a hybrid of human and automation approaches to discover and attack [https://seanhn.files.wordpress.com/2020/11/heelan_phd_thesis.pdf flaws in our code].
 +
* [https://www.cncf.io/blog/2020/11/18/announcing-the-cloud-native-security-white-paper/ Announcing the Cloud Native Security White Paper] encourages an understanding of [https://github.com/cncf/sig-security/blob/master/security-whitepaper/CNCF_cloud-native-security-whitepaper-Nov2020.pdf security principles] and how to apply them to each phase of the cloud application lifecycle.
 +
* [https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/ Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs], which encourages more trusted boot and secure secret handling to better adhere to [https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf The Seven Properties of Highly Secure Devices].
 +
* [https://devops.com/devsecops-implementation-source-composition-analysis/ DevSecOps Implementation: Source Composition Analysis] encourages a smart evaluation of how to control your software supply chain.
 +
* [https://www.zdnet.com/article/botnets-have-been-silently-mass-scanning-the-internet-for-unsecured-env-files/ Botnets have been silently mass-scanning the internet for unsecured ENV files] encourages better storage of secrets outside of text files.
 +
* [https://www.zdnet.com/article/drupal-sites-vulnerable-to-double-extension-attacks/ Drupal sites vulnerable to double-extension attacks], encouraging us to remember that old vulns are destined for re-invention.
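Review bot: The Pluton and Drupal bullets break the "[link] encourages ..." construction that the other five entries use. The Pluton bullet reads ", which encourages", leaving it without a main verb, and the Drupal bullet reads ", encouraging us". Dropping ", which" from the first and changing the second to "encourages us to remember" would make the list parallel. Separately, the CNCF white paper PDF link in the third bullet points at blob/master, so it will break if the file is moved or renamed. A commit-pinned URL would be more durable.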

Latest revision as of 23:03, 22 November 2020

Articles