Fraser Scott

icon indicating a website link https://0x10.co icon indicating an email [email protected]

icon location UK

Results 23 comments of Fraser Scott

Look at options for blog posts

Github pages is an interesting idea. I've used it for a number of static sites, but haven't used jekyll yet. That would probably be pretty suitable for a blog.

Look at options for blog posts

Both of those look cool. I guess anything that involves not having to run a server is good, to keep things simple. Do they work with Github pages?

Look at options for blog posts

Great!

Look at options for blog posts

Looks good. Certainly makes sense for getting up and running without having to run infrastructure but still having tons of control.

Look at options for blog posts

Done: https://github.com/owasp-cloud-security/owasp-cloud-security-blog

Look at integrations with threat tools

Took a look at Threat Dragon again, it would be really easy to write a script that parses the saved JSON file and either adds threats based on the name...

IAM - Failed login attempts go un-noticed

I would say the threat in this case applies to IAM, but the mitigation is via CloudTrail and you'd still have to monitor those specific event types.

IAM - Attacker having knowledge of unused passwords can compromise the infrastructure

Related to https://github.com/owasp-cloud-security/owasp-cloud-security/blob/master/aws/iam/aws_iam_threats.yaml#L66 but this is a different threat.

EC2 - Attacker is able to restore a snapshot, thereby recovering all the data that is in the snapshot

See https://github.com/owasp-cloud-security/owasp-cloud-security/pull/111

Create an OWASP mailing list

Dropped an email to [email protected]