Word of the Week
Can We Have “Detection as Code”?
One more idea that has been bugging me for years is the idea of “detection as code.” Why is it bugging me, and why should anybody else care?
First, is “detection as code” just a glamorous term for what you did when you loaded your Snort rules into CVS in, say, 1999? Well, not exactly.
What I mean by “detection as code” is a more systematic, flexible and comprehensive approach to threat detection that is somewhat inspired by software development (hence the “as code” tag). Compare infrastructure as code (IaC): it is not merely about treating your little shell scripts as real software, but about machine-readable definition files and descriptive models for infrastructure.
Why do we need this concept? This is a good question! Historically, from the days of the first IDS (1987) to the sad days of “IDS is dead” (2003) and then to today, detection got a bit of a bad reputation. We can debate this, to be sure, but most would probably agree that threat detection never “grew up” to be a systematic discipline, with productive automation and predictable (and predictably good!) results. In fact, some would say that “Your detections aren’t working.” And this is after ~35 years of trying …
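To make the “machine-readable definition” idea concrete, here is an added illustration (my example, not the author’s code): a detection expressed as data, a small evaluator, and the positive and negative test cases that are versioned together with the rule, so a CI job can reject a regression the same way it would for any other software. The rule schema, the rule id and the log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed, machine-readable detection: regex, grouping field, threshold and
# window, plus the test cases that travel with the rule (not a real product schema).
RULE = {
    "id": "example-001",  # placeholder id
    "title": "Repeated SSH authentication failures from one source",
    "pattern": r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+)",
    "group_by": "src",
    "threshold": 5,
    "timeframe_s": 60,
    "tests": {"positive": ["burst"], "negative": ["slow", "ok"]},
}

# Constructed log lines, "<epoch seconds> <sshd-style message>".
SAMPLES = {
    "burst": [f"{1000 + i} Failed password for root from 10.0.0.5" for i in range(5)],
    "slow": [f"{1000 + 30 * i} Failed password for root from 10.0.0.5" for i in range(5)],
    "ok": ["1000 Accepted publickey for alice from 10.0.0.7"],
}

def evaluate(rule, lines):
    """Run the rule over log lines; return the set of group keys that fired."""
    rx = re.compile(rule["pattern"])
    seen = defaultdict(list)  # group key -> timestamps inside the window
    fired = set()
    for line in lines:
        ts, msg = line.split(" ", 1)
        m = rx.search(msg)
        if not m:
            continue
        key = m.group(rule["group_by"])
        ts = int(ts)
        # sliding window: drop matches older than the timeframe, then add this one
        seen[key] = [t for t in seen[key] if ts - t < rule["timeframe_s"]] + [ts]
        if len(seen[key]) >= rule["threshold"]:
            fired.add(key)
    return fired

def run_tests(rule, samples=SAMPLES):
    """CI-style gate: positives must fire, negatives must stay quiet.
    Returns the names of failing samples; an empty list means the rule is healthy."""
    bad = [n for n in rule["tests"]["positive"] if not evaluate(rule, samples[n])]
    bad += [n for n in rule["tests"]["negative"] if evaluate(rule, samples[n])]
    return bad

if __name__ == "__main__":
    print(run_tests(RULE))  # [] when the detection behaves as specified
```

Re-running `run_tests` against a mis-tuned copy of the rule (say, threshold 3 over a 120-second window) reports the “slow” sample as a false positive, which is exactly the regression a pipeline should block before the rule ships.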
Word of the Week Special
“Security Architecture Review Of A Cloud Native Environment”
Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud, however, its security posture is still a blind spot for everyone. Nevertheless, we have seen a big rise in the number of requests to check the security posture of cloud infrastructure deployments.
In this blog post Anand Tiwari will talk about a cloud security assessment that he did for an organisation which had recently moved its infrastructure from an on-prem to a cloud-native solution (AWS). The assessment was carried out in two parts: an architecture review and a security gap analysis. The blog will detail how the assessment was conducted and why a cloud security assessment is needed in addition to a standard application/infrastructure pen-test.
Crypto challenge of the week
Book of the month
Designing APIs with Swagger and OpenAPI
A great introduction to the design process of APIs that helps you understand OpenAPI and Swagger.
Software is transforming the way that we live and work. We communicate with friends via social media on smartphones, and use websites to buy what we need and to learn about anything in the world. At work, software helps us organize our businesses, reach customers, and distinguish ourselves from competitors. Unfortunately, it is still challenging to produce high-quality software, and much of the software we do use has bugs and security vulnerabilities. Recent examples of problems caused by buggy software include uncontrollable acceleration in Toyota cars, personal information stolen from Facebook by Cambridge Analytica, and a glitch in Nest smart thermostats that left many homes without heat. Just looking at one category of defect, software race conditions, we observe problems ranging from power outages affecting millions of people in the US Northeast in 2003 to deadly radiation overdoses from the Therac-25 radiation therapy machine.

Program analysis is all about analysing software code to learn about its properties. Program analyses can find bugs or security vulnerabilities like the ones mentioned above. They can also be used to synthesize test cases for software, and even to automatically patch software. For example, Facebook uses the Getafix tool to automatically produce patches for bugs found by other analysis tools. Finally, program analysis is used in compiler optimizations in order to make programs run faster.
Comic of the week
## Some OWASP stuff first