Day 26: Security Automation with GitHub Actions | #CybersecurityAwarenessMonth 2023
Welcome to Day 26 of Cybersecurity Awareness Month! Today, we're delving into the powerful realm of GitHub Actions. It's not just for developers - learn how to leverage it for robust DevSecOps and security automation.
From automatic security checks to continuous testing, discover how GitHub Actions can fortify your workflows. Dive into hands-on courses on AppSecEngineer and amplify your skills in DevSecOps and security automation today!
Ever wondered about the buzz around "as a service" offerings? In this video, we break it down for you. Join us as we dive into the world of storage, database, infrastructure, and more - all delivered as a service by third-party cloud providers.
From the basic storage of files to fully hosted applications, each level offers a different degree of third-party cloud management.
[Free Ebook] Learn how to build a career in Cloud Security, download Cloud Security Careers - https://www.appsecengineer.com/e-books/cloud-security-careers-a-beginners-guide
Start Learning Cloud Security with AppSecEngineer - https://www.appsecengineer.com/cloud-engineer
Gain expertise in AWS Security - https://checkout.appsecengineer.com/aws-security-specialist
Leave us a comment below on what you'd like us to discuss next. We're currently at Black Hat, and we're eager to address your burning questions.
#Saas #FaaS #IaaS #CaaS #Cloudservice #softwatedevelopment #shorts
#appsec #applicationsecurity #infosec #Security #securitytraining #training #handsonlearning #devsecops #Kubernetes #containers #threatmodelling #cloudsecurity #aws #azure #gcp #offensivesecurity #redteam #blueteam #purpleteam #cybersecurity #blackhat #infosectraining #skillgap #upskill #careers #techjobs #defcon #hackersummercamp #CybersecurityEducation
#HandsOnLabs #Certifications #SkillsGap #securityengineer #developer #cloudengineer #secuirtyarchitect #securitychampion #devopsengineer #devops #pentester #TeamTraining #AppSecEngineer #NeverStopLearning
...
https://www.youtube.com/watch?v=XSpK9rjCgxE
I don't need to tell you that Kubernetes is a complicated subsystem. And you need some kind of security or policy management tool that helps you actually automate the kind of workloads and the kind of resources that are deployed in #Kubernetes, and that's why you need a policy management tool. Now, one of the things that you could have done in the past is look at a tool like OPA or something like that, which is the Open Policy Agent, which is a really powerful tool. It's not only in the past, you're going to learn, you will know. But the tool that I discovered recently was a tool called #Kyverno.
Policy management tools like Kyverno are essential to ensure that workloads running on your company's Kubernetes cluster, be it EKS, AKS, GKE or bare metal, are run as per the company's security policies. With the PodSecurityPolicy object getting deprecated, solutions like OPA and Kyverno are essential for the security of your Kubernetes cluster.
Chapters
0:00 Pre-Start Intro
0:33 Follow AppSecEngineer on Social Media
0:51 The Need for Kubernetes Policy Management
1:58 Kyverno Intro
5:01 Kyverno Demo
10:49 Follow AppSecEngineer on Social Media
----------
#AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security.
AppSecEngineer is ideal for job seekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers.
Learn more about AWS Security at: https://appsecengineer.com/product/aws-network-security/
Twitter: https://twitter.com/AppSecEngineer
Linkedin: https://www.linkedin.com/company/appsecengineer/
...
https://www.youtube.com/watch?v=8fgrjBnxqi0
Looking to enhance your cybersecurity skills? In this video, we'll take you on a thrilling countdown of the hottest DevSecOps training platforms available right now! From practical hands-on experiences to gamified learning, we've got it all covered. Whether you're an AppSec professional or a security enthusiast, this is the ultimate guide to take your skills to the next level.
Join us as we explore the leading platforms in the industry, including Practical DevSecOps, Intrinsec Security, Secure Code Warrior, Veracode Security, Avatao, SecureFlag, Security Compass, TryHackMe, Immersive Labs, Hack the Box, and the amazing AppSecEngineer!
Get ready for in-depth reviews, highlights, and comparisons, and find the perfect training program tailored to your needs. No matter your skill level, we've got something for everyone!
Don't miss out on the DevSecOps Bundle at $12: https://checkout.appsecengineer.com/devsecops-security-specialist
#DevSecOps #Cybersecurity #Training #AppSec #LearnToProtect #SecureCoding #GamifiedLearning #HandsOnExperience #TopPlatforms #HackTheBox #AppSecEngineer #ImmersiveLabs #TryHackMe #SecurityCompass #SecureFlag #Avatao #VeracodeSecurity #SecureCodeWarrior #IntrinsecSecurity #PracticalDevSecOps
...
https://www.youtube.com/watch?v=fXdaPDW3Jq8
Find us at: https://www.appsecengineer.com/
Follow us on Twitter: https://twitter.com/AppSecEngineer
Follow us on LinkedIn: https://www.linkedin.com/company/appsecengineer
Growing your career in application security can be tricky, especially if you don't know how to get started.
After the pandemic in 2020 and 2021, how has the tech industry changed, and how does that affect your job prospects?
Aneesh Bhargav from AppSecEngineer answers these questions in this video. First, you need to keep your eye on 4 technology trends in 2022 and beyond:
- Cloud Security
- Kubernetes Security
- API Security
- DevSecOps
Beyond that, you can start doing 3 things right now to boost your chances at landing your AppSec dream job:
- Go beyond your AppSec curriculum (and talk about it online)
- Network and build your social contacts
- Learn to code
With these pro-tips, you should be able to get your AppSec career up and running in no time!
Timestamps:
00:00 - What changed the tech industry in 2022?
01:28 - Cloud security is a BIG deal
02:19 - Learn Kubernetes security
03:02 - Get on the API security bandwagon
03:46 - Become a DevSecOps pro
05:17 - Go beyond your AppSec curriculum
06:28 - Start socialising and build networks
07:47 - Learn to code
09:01 - Become an AppSecEngineer!
...
https://www.youtube.com/watch?v=HYu17VjK95M
Watch the full video here: https://www.youtube.com/watch?v=xsDn_kYrklI
We're absolutely buzzing with excitement to share that we'll be attending BlackHat USA 2023. But that's not all - this time, we've got something special in store for you. We're bringing not one, not two, but FOUR thrilling trainings from the experts at AppSecEngineer.
Here are the links to all our upcoming BlackHat trainings:
DevSecOps Masterclass 2023 Edition - https://www.blackhat.com/us-23/training/schedule/index.html#devsecops-masterclass--edition-30542
DevSecOps Masterclass AppSec Automation Edition - https://www.blackhat.com/us-23/training/schedule/#devsecops-masterclass-appsec-automation-edition-30540
Attacking the Application Supply Chain - https://www.blackhat.com/us-23/training/schedule/#attacking-the-application-supply-chain--edition-30432
Attacking & Defending Cloud Applications - https://www.blackhat.com/us-23/training/schedule/#attacking-and-defending-aws-azure-and-gcp-cloud-applications-virtual-30591
In this Friday Fireside we had Aneesh Bhargav and Anushika Babu from our team, diving into all the amazing moments we had at BlackHat last year. The unexpected traction at our booth at the Innovation City last year, the incredible trainings we'll be offering this year, the exclusive swag you can get your hands on, and of course, they shared some valuable tips and tricks too!
Stay tuned and get ready to join us on an exciting journey through BlackHat USA 2023!
#appsec #applicationsecurity #infosec #appsecengineer #Security #securitytraining #training #handsonlearning #devsecops #Kubernetes #containers #threatmodelling #cloudsecurity #aws #azure #gcp #offensivesecurity #redteam #blueteam #purpleteam #cybersecurity #blackhat #infosectraining #skillgap #upskill #careers #techjobs
#CybersecurityEducation #PurpleTeam #defcon #hackersummercamp
#HandsOnLabs #Certifications #BounceBack #skillsgap #shorts
#TeamTraining #AppSecEngineer #NeverStopLearning
...
https://www.youtube.com/watch?v=rawchdr8Op0
Do you know how companies manage these SSRF vulnerabilities? Comment below.
Watch the full video, https://youtu.be/gkbgeFjK-dI, which covers the basics of SSRF, why it is the toughest vulnerability to fix, and how to defend against SSRF attacks.
Never stop learning!
#appsecengineer #ssrf #vulnerability #appsec
...
https://www.youtube.com/watch?v=w-RwZFgaOcM
As the biggest provider of cloud services in the world by far, Amazon Web Services (#AWS) is a juggernaut powering the massive and complex applications deployed by entertainment giants, governments, and social networks. Given the sheer volume of user data they handle on a daily basis, it's only logical to assume they're the target of numerous security attacks and threats.
In this episode of Security Engineer Interview Questions, Abhay Bhargav answers the question: "What are the biggest AWS security vulnerabilities?"
Although AWS has very robust security across its services, most of the security issues that plague AWS-hosted apps tend to stem from the users' end, i.e., the people deploying their apps on AWS. Security misconfigurations, access control and privilege issues, and more comprise the majority of security vulnerabilities found on AWS.
Here are some of the most common AWS vulnerabilities out there:
Misconfigured Access Control - #S3 Buckets
Subdomain Takeovers - S3/ #Cloudfront
Vulnerabilities with apps deployed on compute infrastructure
Host and Network hardening flaws
Privilege escalation of credentials from compute services
Watch the video to see a full breakdown of all of these, and ace that job interview!
Content of this video
0:00- Intro
01:08- What is the biggest AWS security vulnerability?
02:56- S3 bucket vulnerabilities
03:40- Subdomain takeovers
04:44- privilege right escalation vulnerability
05:20- Server-side request forgery attack demo
14:18- Start access S3
17:21- Like and subscribe
---------
AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security.
#AppSecEngineer is ideal for job seekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers.
Learn more about AWS Security at https://appsecengineer.com/aws-cloud-security-courses/
Twitter: https://twitter.com/AppSecEngineer
Linkedin: https://www.linkedin.com/company/appsecengineer/
#AWSsecurity #AWSvunerabilities
...
https://www.youtube.com/watch?v=mjQ2klZ0NQo
Ever wondered about the battle between symmetric and asymmetric encryption?
In this video, we break down the complexities! Discover the strengths and use cases of each - from the speed of symmetric to the heightened security of asymmetric.
Ready to up your security game? Kickstart your year of learning with AppSecEngineer! - https://www.appsecengineer.com/
...
https://www.youtube.com/watch?v=t9sRIyhbmYQ
Join us for an insightful Friday Fireside episode on January 26th with Bandana Kaur, a phenomenal 16-year-old cybersecurity enthusiast who recently achieved her ISC2 CC certification!
In this session, Bandana shares her journey and valuable insights on "Starting Your Security Career in 2024." From exam preparation strategies to essential tips and tricks, discover how to embark on a successful cybersecurity career.
Save the date and get ready to be inspired! Don't miss out on this conversation that could shape your cybersecurity journey.
Subscribe, hit the notification bell, and join us for a fireside chat like no other!
#CybersecurityCareer #ISC2CC
...
https://www.youtube.com/watch?v=kLp92TU61x0