-
What is Security Chaos Engineering
Security chaos engineering is a subfield of chaos engineering that specifically focuses on testing and improving the security of a system. It involves deliberately introducing security-related failures or disruptions into a system in order to test its resilience and ability to recover from those failures or disruptions. Like traditional chaos engineering, security chaos engineering involves […]
-
OSS Security Tool Highlight: Sigstore Cosign
Sigstore Cosign is an open-source tool for securely storing and sharing cryptographic signatures. It is designed to help organizations and individuals verify the authenticity and integrity of digital documents and other types of files, using cryptographic signatures and public key infrastructure (PKI). https://github.com/sigstore/cosign Cryptographic signatures are a way of using cryptography to verify the authenticity […]
-
Summary of Lyft Security’s Open-Source Cartography
Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. https://github.com/lyft/cartography The main goal of Cartography is to provide a high-level overview of a software system, highlighting key components, dependencies, and connections. It does this by parsing various types of data sources, such […]
-
Security Architecture Katas
Software security architecture katas are a set of exercises or challenges that help developers and security professionals build and maintain secure software systems. These katas can be used to improve knowledge and skills in key areas such as secure design and development, risk management, and threat modeling. One of the key benefits of software security […]
-
How to create a Security Chaos Engineering Experiment in Python
Security chaos engineering is the practice of intentionally introducing security incidents into a system in order to test and improve its resilience and response to unexpected events. This can help organizations to identify and fix vulnerabilities before they are exploited by attackers. Creating a security chaos engineering experiment in Python involves the following steps: It […]
-
AWS SCE Example Experiment: Elastic Kubernetes Service (EKS) Worker Node
Here is an example security chaos experiment in Python for Amazon Web Services (AWS) Elastic Kubernetes Service (EKS). This experiment simulates a scenario where an EKS worker node becomes unavailable, causing pods running on the node to be terminated. To run this experiment, you will need to have an AWS account and the AWS SDK […]
-
AWS SCE Example Experiment: IAM User Access Keys
Here is an example security chaos experiment in Python for Amazon Web Services (AWS) Identity and Access Management (IAM). This experiment simulates a scenario where an IAM user’s access keys are accidentally deleted, causing the user to lose access to their AWS resources. To run this experiment, you will need to have an AWS account […]
-
AWS SCE Example Experiment: Security Group Rule Deletion
Here is an example security chaos experiment in Python for Amazon Web Services (AWS). This experiment simulates a scenario where a security group rule is accidentally deleted, causing traffic to be blocked to an Amazon Elastic Compute Cloud (EC2) instance. To run this experiment, you will need to have an AWS account and the AWS […]
-
CyberBiz NameGen
https://misadventuresincyberland.com/cyberbizname.html
Misadventures in Cyberland: a blog about fresh approaches to cyber security
