Set Out for a Discord Adventure! Check Out Our Roll20 Adventure & D&D Shop Collection
Discord Blog
Set Out for a Discord Adventure! Check Out Our Roll20 Adventure & D&D Shop Collection
ARCHIVED: AWS Security Best Practices
This paper has been archived For the latest Security, Identity and Compliance content, refer to: https://aws.amazon.com/architecture/security-identity-compliance/ AWS ã‚»ã‚ュリティã®ãƒ™ã‚¹ãƒˆ プラクティス 2016 å¹´ 8 月 This paper has been archived For the latest Security, Identity and Compliance content, refer to: https://aws.amazon.com/architecture/security-identity-compliance/ ©2016, Amazon Web Services, Inc. or its a
flAWS
_____ _ ____ __ __ _____ | || | / || |__| |/ ___/ | __|| | | o || | | ( \_ | |_ | |___ | || | | |\__ | | _] | || _ || ` ' |/ \ | | | | || | | \ / \ | |__| |_____||__|__| \_/\_/ \___| Welcome to the flAWS challenge! Brought to you by Scott Piper Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS). There are no SQL injection, XSS, buffer ove
IAM ã§ã®ã‚»ã‚ュリティã®ãƒ™ã‚¹ãƒˆãƒ—ラクティス - AWS Identity and Access Management
AWS ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’ä¿è·ã™ã‚‹ã«ã¯ã€AWS Identity and Access Management (IAM) を使用ã™ã‚‹éš›ã®ä»¥ä¸‹ã®ãƒ™ã‚¹ãƒˆãƒ—ラクティスã«å¾“ã£ã¦ãã ã•ã„。 人間ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒä¸€æ™‚çš„ãªèªè¨¼æƒ…å ±ã‚’ä½¿ç”¨ã—㦠AWS ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹å ´åˆã« ID プãƒãƒã‚¤ãƒ€ãƒ¼ã¨ã®ãƒ•ã‚§ãƒ‡ãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ã‚’使用ã™ã‚‹ã“ã¨ã‚’å¿…é ˆã¨ã™ã‚‹ 人間ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã¯ã€åˆ¥å人間 ID ã¨å‘¼ã°ã‚Œã€äººã€ç®¡ç†è€…ã€ãƒ‡ãƒ™ãƒãƒƒãƒ‘ーã€ã‚ªãƒšãƒ¬ãƒ¼ã‚¿ãƒ¼ã€ãŠã‚ˆã³ã‚¢ãƒ—リケーションã®ã‚³ãƒ³ã‚·ãƒ¥ãƒ¼ãƒžãƒ¼ã‚’指ã—ã¾ã™ã€‚人間ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ AWS ã®ç’°å¢ƒã¨ã‚¢ãƒ—リケーションã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã® ID ã‚’æŒã£ã¦ã„ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚組織ã®ãƒ¡ãƒ³ãƒãƒ¼ã§ã‚る人間ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ã€ãƒ¯ãƒ¼ã‚¯ãƒ•ã‚©ãƒ¼ã‚¹ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã¨ã‚‚呼ã°ã‚Œã¾ã™ã€‚人間ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ã¯ã€ã‚ãªãŸã¨å…±åŒä½œæ¥ã‚’è¡Œã†å¤–部ユーザーやã€ã‚ãªãŸã® AWS ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’æ“作ã™ã‚‹å¤–部ユーザーもå«ã¾ã‚Œã¾ã™ã€‚ã“ã®æ“作ã¯ã€ã‚¦ã‚§ãƒ–ブラウザã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³
About · Container Security Book
Container Security Book âš ï¸ã“ã®æ–‡æ›¸ã¯è£½ä½œä¸ã®ã‚‚ã®ã§ã™ About ã“ã‚Œã‹ã‚‰ Linux コンテナã®ã‚»ã‚ュリティをå¦ã³ãŸã„人ã®ãŸã‚ã®æ–‡æ›¸ã§ã™ã€‚ 普段ã‹ã‚‰ã‚³ãƒ³ãƒ†ãƒŠã‚’扱ã£ã¦ã„ã‚‹ãŒã€ã‚³ãƒ³ãƒ†ãƒŠã®åŸºç¤ŽæŠ€è¡“ã‚„ã‚»ã‚ュリティã«ã¤ã„ã¦ã¯åˆ†ã‹ã‚‰ãªã„ã¨ã„ã†äººãŒã€ãれらをç†è§£ã§ãる足ãŒã‹ã‚Šã«ãªã‚‹ã‚ˆã†ã«æ›¸ã‹ã‚Œã¦ã„ã¾ã™ã€‚ 誤å—脱å—ã‚„é–“é•ã„ãªã©ã‚れ㰠https://github.com/mrtc0/container-security-book ã« Issue ã‚‚ã—ã㯠Pull Request ã‚’ç«‹ã¦ã¦ãã ã•ã„。 ã”æ„見ã€ã”感想ç‰ã¯ Twitter ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚° #container_security ã§ãƒ„イートをãŠé¡˜ã„ã—ã¾ã™ã€‚ License ã“ã®æ›¸ç±ã«è¨˜è¿°ã•ã‚Œã¦ã„ã‚‹ã™ã¹ã¦ã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã¯ MIT ライセンスã¨ã—ã¾ã™ã€‚ ã¾ãŸã€æ–‡ç« 㯠Creative Commons Attribution
[PDF] NIST Special Publication 800-190 Application Container Security Guide
NIST Special Publication 800-190 Application Container Security Guide Murugiah Souppaya John Morello Karen Scarfone This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-190 C O M P U T E R S E C U R I T Y NIST Special Publication 800-190 Application Container Security Guide Murugiah Souppaya Computer Security Division Information Technology Laboratory John Morello
Part 1: Debugging Go in prod using eBPF | Pixie Labs Blog
This is the first in a series of posts describing how we can debug applications in production using eBPF, without recompilation/redeployment. This post describes how to use gobpf and uprobes to build a function argument tracer for Go applications. This technique is also extendable to other compiled languages such as C++, Rust, etc. The next sets of posts in this series will discuss using eBPF for
PCI Security Standards Council
Locate approved devices and payment solutions for use at the point of sale, and point-to-point encryption solutions to protect cardholder data.
Bell Labs and CSP Threads
Introduction This page is a slice of the history of concurrent programming, focusing on one particular lineage of Hoare's language of communicating sequential processes (CSP) [1] [1a]. Concurrent programming in this style is interesting for reasons not of efficiency but of clarity. That is, it is a widespread mistake to think only of concurrent programming as a means to increase performance, e.g.,
Sampling v. tracing
Perf is probably the most widely used general purpose performance debugging tool on Linux. There are multiple contenders for the #2 spot, and, like perf, they're sampling profilers. Sampling profilers are great. They tend to be easy-to-use and low-overhead compared to most alternatives. However, there are large classes of performance problems sampling profilers can't debug effectively, and those p
Mission Control: A History of the Urban Dashboard
Mission Control Center, Houston, 1965. [NASA]We know what rocket science looks like in the movies: a windowless bunker filled with blinking consoles, swivel chairs, and shirt-sleeved men in headsets nonchalantly relaying updates from “Houston†to outer space. Lately, that vision of Mission Control has taken over City Hall. NASA meets Copacabana, proclaimed the New York Times, hailing Rio de Janeir
Building a high performance JSON parser
JSON is important, damn near everything that we do as programmers or operators involves JSON at some point. JSON decoding is expensive, if your product talks JSON then performance of marshalling data in and out of JSON is important. This is a talk about designing an efficient replacement for encoding/json.Decoder.
bliki: CQRS
CQRS stands for Command Query Responsibility Segregation. It's a pattern that I first heard described by Greg Young. At its heart is the notion that you can use a different model to update information than the model you use to read information. For some situations, this separation can be valuable, but beware that for most systems CQRS adds risky complexity. The mainstream approach people use for i
Event Sourcing
Capture all changes to an application state as a sequence of events. This is part of the Further Enterprise Application Architecture development writing that I was doing in the mid 2000’s. Sadly too many other things have claimed my attention since, so I haven’t had time to work on them further, nor do I see much time in the foreseeable future. As such this material is very much in draft form and
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
クラウドセã‚ュリティガイドライン活用ガイドブック(METI/経済産æ¥çœï¼‰
What is DevOps? Research and Solutions  | Google Cloud
An Introduction to Residuality Theory: Software Design Heuristics for Complex Systems
https://www.cs.ru.nl/bachelors-theses/2020/Joren_Vrancken___4593847___A_Methodology_for_Penetration_Testing_Docker_Systems.pdf
The Tail at Scale
https://docs.broadcom.com/doc/microservice-architecture-aligning-principles-practices-and-culture
{{#tags}}- {{label}}
{{/tags}}