A range of posts this week on cloud strategy, AWS, Node.js tools, supply chain security and more.
StackHawk sponsors Devops Weekly
gRPC is the popular choice for building microservices and distributed systems. Ensuring these APIs are secure and protected against vulnerabilities is essential. StackHawk is rolling out a private beta for gRPC API security testing. Register here:
A post on cloud strategy, using a useful model of technology, capability, innovation and business to discuss progression through four stages of adoption.
This next post looks at a useful categorisation of software supply chain attack initiators, and why categorising is useful when considering prevention and reaction.
A new AWS feature which means you can now pass an IAM role to every EC2 instance in your account using AWS Systems Manager. Interesting new threat vector as well.
Good reminder that building on top of highly reliable services doesn’t make your service reliable.
A post on the importance of testing in production, and why other forms of testing are necessary but not sufficient.
A quick preview of upcoming features in the upcoming 1.5 release of the software bill of materials format CycloneDX.
An overview of a set of tools (mapcidr, proxify, simplehttpserver, uncover, notify and cloudlist) intended for offensive security or testing, but more generally useful too, for expanding IP ranges, simple proxies and more..
The new release of Node.js (v19.7.0) comes with the ability to natively build single executables. Interesting.
No is a simple container build tool for Node.js, inspired by Ko for Go.