Train your Security Champions in AWS security, DevSecOps, Kubernetes and more: https://www.appsecengineer.com/security-champions [Free ebook] Ultimate Guide to Building Security Champions: https://www.appsecengineer.com/e-books/the-ultimate-guide-to-building-security-champions Find us at: https://www.appsecengineer.com/ Twitter: https://twitter.com/AppSecEngineer LinkedIn: https://www.linkedin.com/company/appsecengineer #appsec #cybersecurity #softwaredevelopment #AppSecEngineer #devsecops ... https://www.youtube.com/watch?v=3cVExmoK5KQ

In this episode of "Last Week in AppSec" we look at - Facebook's Outage. It's always DNS. When it isn't, its BGP - Apache Web Server 0day - AWS's new Cloud Control API - SpiceDB with Google's Zanzibar #AppSec #FacebookOutage #AppSecEngineer ... https://www.youtube.com/watch?v=9yJEpLxWUd4

In this exclusive snippet of the AppSecEngineer Podcast featuring guest Mark Willis from Bluescape, Mark talks about how he approaches hiring new talent for a small company. Watch the full video here: https://www.youtube.com/watch?v=GJ_PVglEJvQ&t=242s Without the brand name or financial resources to hire the 'best of the best', how can small companies find and hire new talent and maintain a high standard of security competency? According to Mark, it's not about looking for people who have the best skills or the most experience (most of them will already be hired somewhere else), but you should be after candidates that can show they have the potential and willingness to learn and grow as professionals. ---------------- AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security. #AppSecEngineer​ is ideal for jobseekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers Learn more about us at: https://appsecengineer.com Twitter: https://twitter.com/AppSecEngineer​ Linkedin: https://www.linkedin.com/company/appsecengineer/ ... https://www.youtube.com/watch?v=TAi5HpX8aWk

When it comes to storing secrets securely on any platform, there’s usually one go-to solution: #dataencryption. It’s incredibly hard to decrypt data that’s been encrypted without key. Sounds good, right? So...what’s the catch? Well, the encryption key. That’s the catch. Encryption keys are stored in plaintext format, so if someone with not-so-nice intentions gets their hands on it, there’s really nothing to stop them from decrypting your data and accessing it. To solve this, engineers use what’s called Envelope Encryption. What this newfangled technique does is use a ‘master key’ to encrypt the data key which encrypts the data itself. But you might be wondering: “If I encrypt my data key with a master key, how will I protect my master key?” Well, that’s what this video’s about! Our instructor Nithin Jois will be showing you how to first perform #envelopeencryption, and then use AWS Key Management Service to store and manage your master keys securely. If you’re into AWS security, don’t miss this one! Content of this video 0:00- Intro 2:12- Generate a symmetric key 2:55- What is envelope key? 4:16- Decrypt the data 9:09- Rotate the CMK 12:43- Like and subscribe to the channel ---------- AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security. AppSecEngineer​ is ideal for job seekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers. #KMS #AppSecEngineer Learn more about AWS Security at: https://appsecengineer.com/product/aws-secrets/ Twitter: https://twitter.com/AppSecEngineer​ Linkedin: https://www.linkedin.com/company/appsecengineer/ ... https://www.youtube.com/watch?v=XZp3YrCcx5w