security
Carlos Aguayo
10/26/2022, 8:26 PM
Any thoughts here on WAF solutions -- Azure FD/WAF vs CloudFlare vs ???

Ryan Alder
10/26/2022, 8:35 PM
I'm not a fan of Cloudflare because they have to take control of your DNS. We have too many instances where a WAF is acting up and we need to swing DNS over to bypass it. If Cloudflare goes down, you can't do that. We currently use EdgeCast CDN/WAF, no complaints, but it's not a super smart WAF.

Carlos Aguayo
10/26/2022, 11:51 PM
I'm hearing that Sophos offers a good VM option, anyone tried their solution?

Ross Hendrickson
10/27/2022, 12:32 AM
What is your use case? Scale considerations? Regulatory environment etc.? Budget?

Carlos Aguayo
10/29/2022, 5:32 PM
@Ross Hendrickson I can't tell if your question is rhetorical; I know I need to do my own research to assess suitability, I'm just looking for success stories to narrow the list. We have a SaaS offering in Azure with lots of public-facing interfaces that presently use Front Door/Azure WAF. I'm finding it limiting, both for reporting and analysis and for rapid response, so I'm seeing whether there's a better choice that would ease the overhead and pain of incident response. We are SOC2 compliant and are working towards IEEE-whatever certification soon. We have more money than person-time at the moment, and want the best solution to minimize overhead, both in cost and person time.

Thameez
01/02/2023, 8:54 AM
Hey hey, any Teleport users here? Running everything ourselves (i.e. not Teleport Cloud), on AWS with the usual HA architecture on ASG EC2 instances. Their upgrade process is abysmal when you are running auth servers yourself; their suggested process is quite manual:
- scale down the auth-server ASGs to one instance,
- upgrade the binary, let it finish any migrations,
- wait for it to start up - no documented health checks, but I've found some in their code,
- scale up the auth ASG, rinse and repeat for all auth servers,
- then proceed to do the rest on all other components (which may live in different AWS accounts) in a similar fashion.
The fun part is catering for the ASGs in different accounts (and ensuring that all components are actually updated - but only after the auth servers have completed). ATM my plan is to have a CI pipeline in place which:
- runs an Ansible playbook which does the scaling, upgrading and waiting on the auth servers,
- builds a new Packer AMI with the new version of Teleport (used by all components in all the accounts) - this will ensure that the upgrade persists even after a scaling event,
- deploys a TF pipeline which uses the new AMI (in every account where Teleport components run).
Any better ideas?

Sama Carlos Samame
02/01/2023, 8:31 AM
Hi! Today we are launching free open source audit logs to help devs integrate this security feature into their products. Your feedback is much appreciated 🙏 https://www.producthunt.com/posts/open-source-audit-logs-by-boxyhq

Federico Maggi
02/10/2023, 12:11 PM
Hi there! At Mia-Platform we are protecting our customers using an open source product we launched some time ago; we have been using it in production for more than a year now and it's proving a really nice solution. I honestly believe it can help other products and companies as well, of course any feedback is welcome! 🙂 Check out Rönd: https://github.com/rond-authz/rond

Guillaume Montard
03/07/2023, 11:09 AM
Hi all! I'm pleased to share a project we've been working on for the past 2 years with my team and that we open source today, a code security scanning tool (SAST). It allows you to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Essentially, it provides built-in rules against a common set of security risks and vulnerabilities (OWASP Top 10); here are some practical examples:
• Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments.
• Usage of weak encryption libraries or misuse of encryption algorithms.
• Unencrypted incoming and outgoing communication (HTTP, FTP, SMTP) of sensitive information.
• Hard-coded secrets and tokens.
• And many more!
If you are SOC2 or ISO27001, there are good chances you are already using a SAST solution; it could be a good replacement, and hopefully a better one. If you're not, it might be an opportunity to improve your application's security. We currently support JavaScript and Ruby stacks, but more will follow. Let us know what you think and how we can improve it! https://github.com/Bearer/bearer

Roxanne Burton
03/08/2023, 6:51 PM
https://www.linkedin.com/events/rethinkingnetworksecurityinahyb7033792634208808960/comments/

Guillaume Montard
03/29/2023, 2:17 PM
We (Bearer.com) are hosting a Security Leaders Wine Tasting event in Paris on Tuesday 4th of April (near République) 🍷🧸 There are already some great people from Doctolib, Pygment, DataDog or Vestiaire Collective joining us; if you'd like to be part of it, please let me know, we are always happy to make more room!