Welcome to this month's edition of the Security Roundup! Last month, we discussed API Security. This month, I'd like to take a look at cloud security, concentrating mostly on securing Amazon's AWS platform, and Docker's container environments. Hopefully, these resources can help increase your cloud security knowledge and put your CISO on cloud nine.
And, as a quick side note, if you're interested in writing for DZone, but don't have a topic in mind, come check out our Bounty Board, where you can win prizes for providing great content!
DZone: Defending Cloud City From the Empire
3 Steps to Becoming an AWS Security Specialist by Stuart Scott. AWS is one the biggest and best when it comes to cloud platforms. Read on to learn how to become an expert at securing AWS, by looking into the security services offered by AWS itself, as well as learning a little bit more about general cybersecurity techniques such as encryption.
Introduction to Docker Secrets by Dennis Bell. We introduce Docker secrets, which offer a secure way to store sensitive info such as username, passwords, and even files. Check out this article for great code snippets and explanations of Docker security, and keep your big blue whale friend safe and sound!
Essential (and Free) Security Tools for Docker by Jim Bird. In this post, we look at some of the best freely available Docker security solutions and explain what problem each of them helps to solve. These tools allow you to check for Trojan Horses, analyze dependencies for vulnerabilities, analyze your Docker images, and more. Check it out!
AWS Shared Responsibility Model: Cloud Security by Stuart Scott. AWS security best practices begin with the AWS Shared Responsibility Model that dictates which security controls are AWS's responsibility and which are yours. So if you're on the AWS cloud, check out this great resource for determining what security actions you should be taking.
3 Cloud Configuration Miskates to Avoid by David Brown. Network and cloud security are quickly becoming two of the most important branches of the security field due to the proliferation of the cloud. Learn how to keep your cloud safe through logging, authentication, and network configuration.
Cloudy With a Chance of Security
Docker Security Docs. Interested in learning more about security for Docker? Pull up to the Docker Docs dock, and check out this great resource from the security team at Docker.
AWS Cloud Security Developer Docs. As Amazon continues to overshadow the rest of the players in the cloud game, learning how to secure your AWS environments is only growing in importance. Check out the docs from AWS's team, but try not to look at gift horse in the mouth, or it might kick you so hard you'll be launched into the clouds.
Docker Security Tools: Audit and Vulnerability Assessment by Toni de la Fuente. Another great look at some tools that can help to your protect your Docker environments from vulnerabilities and malicious intrusion.
DZone Publications on Cloud Security
Getting Started With Docker Refcard: The Defacto Open-Source Container Solution by Christoper M. Judd. In what seems like an instant, Docker has become the benchmark for organizations to automate infrastructure, isolate applications, maintain consistency, and improve resource utilizations. In this Refcard, learn how to run a container, explore several useful commands, and discover how to create local Docker machines.
DZone's Guide to Proactive Security: Apps, Environments, and Messaging featuring articles by Boaz Shunami, Jeff Williams, Katie Strzempka, Chris Lamb, James Wickett, Ivan Dwyer, and Tom Smith. With the rise of high-profile ransomware and DDoS attacks comes a greater need than ever for powerful application security. The 2017 Guide to Proactive Security discusses the actions that experts are taking to combat the growing list of threats, and what developers can do to be proactive in securing their apps and processes.
Find Your Next Great Security Gig!
You'll work within the team to design, develop, deploy and operate security technologies and solve challenges around events, alerts, monitoring, intrusion detection, vulnerability detection and tracking, file integrity monitoring and other similar technologies and challenges at cloud scale. We automate and love challenges. The ideal candidate will have at least two years' experience in a technical security role.
The ideal candidate will be able to perform application and penetration tests on different platforms and technologies, conduct source code review to identify software program vulnerabilities and malicious embedded code, simulate real-time cyber-attacks using red team/blue team exercises, assist in continuously enhancing the existing penetration testing methodologies, and more!