About this node
This node is intended to be a place for all security related discussions.
Might be a major thing
Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated]
IAM is great, but debugging policies is sometimes a little bit cumbersome or time-consuming, waiting for CloudTrail to report the missing details... Here's a great update from AWS!
Move Over JSON – Policy Summaries Make Understanding IAM Policies Easier | AWS Security Blog
Many parts of this great article are not specific to serverless and could also help you approach your security in the cloud.
Thinking Serverless! Addressing Security Issues
If you are concerned about your secret management and haven't yet been able to use Vault or similar, this is really a required read: not so long, and a very good and comprehensive landscape view of the secrets management options available.
Secrets and LIE-abilities: The State of Modern Secret Management (2017) – On Docker
In web application security, identifying hackers early in the attack process is key to keeping applications secure. This article explains the attack surface concept and how developers can protect themselves.
When users put your app at risk. The attack surface iceberg - Sqreen Blog