New for Amazon CodeGuru Reviewer – Detector Library and Security Detectors for Log-Injection Flaws

Amazon CodeGuru Reviewer is a developer tool that detects security vulnerabilities in your code and provides intelligent recommendations to improve code quality. For example, CodeGuru Reviewer introduced Security Detectors for Java and Python code to identify security risks from the top ten Open Web Application Security Project (OWASP) categories and follow security best practices for AWS […]

Apache Log4j 2 vulnerability CVE-2021-44228

A critical security vulnerability has been identified in the popular “Apache Log4j 2” library. This vulnerability is identified as CVE-2021-44228. Log4j in Jenkins: The Jenkins security team has confirmed that Log4j is not used in Jenkins core. Jenkins plugins may be using Log4j. You can identify whether Log4j is included with any plugin by running […]

New – Amazon VPC Network Access Analyzer

If you are a member of your organization’s networking, cloud operations, or security teams, you are going to love this new feature. The new Amazon VPC Network Access Analyzer helps you identify network configurations that lead to unintended network access. As you will see in a moment, it will point out ways that you can […]

Jenkins project Confluence instance attacked

Earlier this week the Jenkins infrastructure team identified a successful attack against our deprecated Confluence service. We responded immediately by taking the affected server offline while we investigated the potential impact. At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected. Thus far in our […]

Security Validator for Jenkins Operator for Kubernetes

Background: Jenkins custom resources on a Kubernetes cluster are deployed using declarative YAML configuration files, and some of the plugins declared in these files may carry security warnings. The user has no way to know this other than manually checking each plugin on the site. This project aims to add an extra step […]

Multi-Cloud and Hybrid Threat Protection with Sumo Logic Cloud SIEM Powered by AWS

IT security teams need to have a real-time understanding of what’s happening with their infrastructure and applications. They need to be able to find and correlate data in this continuous flood of information to identify unexpected behaviors or patterns that can lead to a security breach. To simplify and automate this process, many solutions have […]

Easily Manage Security Group Rules with the New Security Group Rule ID

At AWS, we tirelessly innovate to allow you to focus on your business, not its underlying IT infrastructure. Sometimes we launch a new service or a major capability. Sometimes we focus on details that make your professional life easier. Today, I’m happy to announce one of these small details that makes a difference: VPC security […]

Amazon CodeGuru Reviewer Updates: New Java Detectors and CI/CD Integration with GitHub Actions

Amazon CodeGuru allows you to automate code reviews and improve code quality, and thanks to the new pricing model announced in April you can get started with a lower and fixed monthly rate based on the size of your repository (up to 90% less expensive). CodeGuru Reviewer helps you detect potential defects and bugs that […]

Four students and their master project in Jenkins security

Context: Jenkins is a CI/CD solution and as such, it is critical that the open source plugins that constitute an integral part of it don’t expose the systems they are used on to any security risks and vulnerabilities. It is in that context that we worked as an audit/code review team to track and report […]

New – Multi-Factor Authentication with WebAuthn for AWS SSO

Starting today, you can add WebAuthn as a new multi-factor authentication (MFA) method to AWS Single Sign-On, in addition to the currently supported one-time password (OTP) and RADIUS authenticators. By adding support for WebAuthn, a W3C specification developed in coordination with FIDO Alliance, you can now authenticate with a wide variety of interoperable authenticators provisioned by your […]