Curious about how ATT&CK maps to sensor logs?
Our Defensive lead @LexOnTheHunt led a @MITREengenuity team to map ATT&CK data sources & data components to events in:
🪵 Auditd
🪵CloudTrail
🪵OSQuery
🪵Sysmon
🪵WinEvtx
🪵ZEEK
Check it out at https://t.co/zg00RxtavN!
Let's dive into the world of DevSecOps on Azure!
Why should you care about DevSecOps? It's because security is no longer an afterthought. In today's digital landscape, it's a critical aspect of every phase of development & deployment. This post will guide you through enhancing your DevSecOps practices. Stay tuned! 🚀
✅ Our journey begins with a crucial concept called 'Threat Modeling'. It involves understanding potential threats in the design phase, helping you to anticipate and mitigate vulnerabilities. Tools like the Microsoft Threat Modeling Tool can be a great help here.
- 🔽 Microsoft Threat Modeling Tool
https://t.co/9P39RXC2EM
- 🔽 Secure DevOps Kit for Azure
https://t.co/X0fX0fgTRl
✅ During the development phase, secure coding practices are adopted and IDE tools and plugins are used for code analysis. Most development involves third-party libraries, which often contain vulnerabilities. By addressing these helps to address security issues early in the lifecycle when they're easier to fix.
- 🔽 OWASP Secure Coding Practices Quick Reference Guide
https://t.co/4ltc0zVSew
- 🔽 SonarLint
https://t.co/nVv3tmar1U
- 🔽 DevSkim
https://t.co/uFiuBKyMlS
- 🔽 pre-commit-hooks
https://t.co/GMqHzMBTRN
- 🔽 Mend Bolt (formerly WhiteSource)
https://t.co/XiudtmgGM9
✅ In the build phase, automated scans are integrated into CI build pipelines. These pipelines enable security practices such as Static Code Analysis, Software Composition Analysis, and secrets scanning.
- 🔽 GitHub Advanced Security
https://t.co/CTEC30ipa3
- 🔽 Microsoft Defender for Cloud DevOps Security
https://t.co/XBqfuKLLXg
- 🔽 Dependabot
https://t.co/JtIHypj0hU
- 🔽 Azure Key Vault
https://t.co/6BQQR9uXFW
- 🔽 Azure Policy
https://t.co/wJ4ogMEiKK
✅ During the deployment phase, continuous deployment (CD) pipelines are established to deploy code to production in a secure and automated manner. This includes control over the access and workflow of the deployment pipeline.
- 🔽 ZAP - penetration testing
https://t.co/jffXGCroIj
- 🔽 Azure DevOps Security and Identity
https://t.co/29cjsXe2Yh
✅ In the operation phase, operation monitoring and security monitoring tasks are performed. Tools like Azure Monitor and Microsoft Sentinel are used to ensure compliance with enterprise security standards.
- 🔽 Azure Monitor
https://t.co/DYTkPm371Q
- 🔽 Microsoft Sentinel
https://t.co/2i66nUuFB0
🔽 Microsoft DevSecOps
https://t.co/io52bAGjtF
🔄 Found this post useful? Repost and share the knowledge! Follow for more insights into the world of #Azure, #CloudComputing, and more. Let's grow together! #devops #cloud #azuredevops #cicd #Security #DevSecOps
We're thrilled to announce the general availability of C# Dev Kit, a #VisualStudio@Code extension that brings an improved editor-first C# development experience to #Linux, #macOS, and Windows.
Learn more here ⤵️ https://t.co/MWCNJfI2a5
Learning PYTHON is so hard,
So, I've built a Complete PYTHON Guide in 24 days.
Includes this book:
→ syntax
→ keywords
→ and functions.
𝐖𝐨𝐫𝐭𝐡 $𝟐𝟗, 𝐛𝐮𝐭 𝐟𝐫𝐞𝐞 𝐭𝐨𝐝𝐚𝐲!
To get it, just:
1. Follow me
2. Like and Repost this post
3. Comment “PY”