#ASOC

Habr<p>The Three Musketeers of the DevSecOps World: Introducing Tools to Develop AppSec Processes</p><p>Hello, Habr! This is Maksim Korovenkov, DevSecOps Lead at Kuper.tech. We are continuing our series of articles on building DevSecOps from scratch. This is a big guide from zero to, hopefully, hero.</p><p><a href="https://habr.com/ru/companies/kuper/articles/890972/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/kuper/ar</span><span class="invisible">ticles/890972/</span></a></p><p><a href="https://zhub.link/tags/asoc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>asoc</span></a> <a href="https://zhub.link/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://zhub.link/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a></p>
Habr<p>WAF: Integration into the SOC via SIEM or ASOC? (Part 2)</p><p>Benefits of integrating the SOC and WAF for API monitoring. Here we would like to explain how to handle events that indicate API anomalies and how to use those events when integrating with SIEM systems. Sergey and I have tried to break down the most common variations. But if you have examples of your own, you are welcome in the comments! The main benefits for a notional first line of the SOC can be divided into 2 groups: API activity monitoring. The SOC can use the API discovery systems integrated into the WAF to monitor API interaction activity, including requests, responses, authentication and authorization. This makes it possible to detect suspicious or illegitimate activity, such as unauthorized access attempts or use of the API for attacks. Detection of anomalies in API traffic: integration with API discovery systems lets the SOC analyze traffic and detect anomalies such as unusual or abnormally high request volumes, unusual behavior patterns or suspicious changes in data processing. Such situations are typical of behavioral attacks such as password brute-forcing, session identifier brute-forcing, forced browsing of web application resources (Forced Browsing), and credential stuffing. In what situations this can matter: an anomaly in API traffic associated with a sharp increase in the number of requests to infrastructure endpoints that contain authentication data, for example passwords, tokens and secret keys. The illustration below shows how such endpoints are displayed in «ПроAPI Структура», with the types of sensitive data (token, password, etc.) and the number of hits/attacks.</p><p><a href="https://habr.com/ru/companies/webmonitorx/articles/842138/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/webmonit</span><span class="invisible">orx/articles/842138/</span></a></p><p><a href="https://zhub.link/tags/%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>информационная_безопасность</span></a> <a href="https://zhub.link/tags/%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>кибербезопасность</span></a> <a href="https://zhub.link/tags/waf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>waf</span></a> <a href="https://zhub.link/tags/soc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>soc</span></a> <a href="https://zhub.link/tags/siem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>siem</span></a> <a href="https://zhub.link/tags/asoc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>asoc</span></a> <a href="https://zhub.link/tags/application_security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>application_security</span></a> <a href="https://zhub.link/tags/api" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>api</span></a> <a href="https://zhub.link/tags/web_security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>web_security</span></a> <a href="https://zhub.link/tags/web_application_firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>web_application_firewall</span></a></p>
Habr<p>An AppSec Platform for Hundreds of Millions of Lines of Code</p><p>Today I want to talk about our in-house AppSec development, the Security Gate platform. I will start with the reasons it was created, describe the solution's architecture in detail, and share the discoveries and small surprises that awaited us (and may await anyone building a similar tool). In this article we leave aside how much UX matters in building a platform; a separate article could be written about that, since the topic deserves special attention.</p><p><a href="https://habr.com/ru/companies/vk/articles/824496/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/vk/artic</span><span class="invisible">les/824496/</span></a></p><p><a href="https://zhub.link/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://zhub.link/tags/asoc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>asoc</span></a> <a href="https://zhub.link/tags/application_security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>application_security</span></a> <a href="https://zhub.link/tags/%D1%80%D0%B0%D0%B7%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B0" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>разработка</span></a> <a href="https://zhub.link/tags/%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>информационная_безопасность</span></a></p>
APECS Germany<p>📢 Event alert: How do ❄️polar scientists 🥼 contribute to decision making and policy? (And how do ECRs get involved in this?)</p><p>We are hosting three events 🗓️ to give you a crash-course overview of this topic as well as the opportunity to talk to some experts directly. You can attend as many or few of the events as you like, all times are in CEST (Berlin time).</p><p><a href="https://apecs-germany.de/lets-talk-polar-policy-and-governance/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apecs-germany.de/lets-talk-pol</span><span class="invisible">ar-policy-and-governance/</span></a></p><p><a href="https://wisskomm.social/tags/PolarScience" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PolarScience</span></a> <a href="https://wisskomm.social/tags/Antarctica" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Antarctica</span></a> <a href="https://wisskomm.social/tags/Arctic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Arctic</span></a> <a href="https://wisskomm.social/tags/SOOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOOS</span></a> <a href="https://wisskomm.social/tags/CCAMLR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CCAMLR</span></a> <a href="https://wisskomm.social/tags/ASOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASOC</span></a> <a href="https://wisskomm.social/tags/SCAR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SCAR</span></a> <a href="https://wisskomm.social/tags/AntarcticTreaty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AntarcticTreaty</span></a> <a href="https://wisskomm.social/tags/ArcticCouncil" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>ArcticCouncil</span></a> <a href="https://wisskomm.social/tags/PolarPolicy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PolarPolicy</span></a></p>
Melinda Marks<p>It's taken me almost a year to write (and edit) my rant about categories and acronyms in cybersecurity. Which acronyms or categories annoy you the most? Security teams don't need more tools, they need efficient ways to mitigate risk and respond quickly to threats or attacks - especially now to keep up with faster development cycles.<br><a href="https://www.techtarget.com/searchsecurity/opinion/Cloud-native-app-security-Ignore-acronyms-solve-problems" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">techtarget.com/searchsecurity/</span><span class="invisible">opinion/Cloud-native-app-security-Ignore-acronyms-solve-problems</span></a><br><a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a> <a href="https://infosec.exchange/tags/applicationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>applicationsecurity</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://infosec.exchange/tags/cspm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cspm</span></a> <a href="https://infosec.exchange/tags/sast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sast</span></a> <a href="https://infosec.exchange/tags/dast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dast</span></a> <a href="https://infosec.exchange/tags/iast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iast</span></a> <a href="https://infosec.exchange/tags/sca" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sca</span></a> <a href="https://infosec.exchange/tags/sbom" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sbom</span></a> <a href="https://infosec.exchange/tags/ciem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ciem</span></a> <a href="https://infosec.exchange/tags/asoc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>asoc</span></a> <a href="https://infosec.exchange/tags/dspm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dspm</span></a> <a href="https://infosec.exchange/tags/aspm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aspm</span></a> <a href="https://infosec.exchange/tags/cnapp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cnapp</span></a> <a href="https://infosec.exchange/tags/cdr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cdr</span></a> <a href="https://infosec.exchange/tags/mdr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mdr</span></a> <a href="https://infosec.exchange/tags/itdr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itdr</span></a> <a href="https://infosec.exchange/tags/ndr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ndr</span></a> <a href="https://infosec.exchange/tags/mdr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mdr</span></a> <a href="https://infosec.exchange/tags/xdr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>xdr</span></a> <a href="https://infosec.exchange/tags/edr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>edr</span></a> <a href="https://infosec.exchange/tags/cnapp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cnapp</span></a> <a href="https://infosec.exchange/tags/wapp" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wapp</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/ciso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ciso</span></a> <a href="https://infosec.exchange/tags/cso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cso</span></a></p>
Melinda Marks<p>Looking forward to moderating this panel at <a href="https://infosec.exchange/tags/AppSecCon23" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSecCon23</span></a> on Alphabet Soup: addressing the acronyms in cybersecurity including <a href="https://infosec.exchange/tags/ASOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASOC</span></a>, <a href="https://infosec.exchange/tags/ASPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASPM</span></a>, <a href="https://infosec.exchange/tags/RBVM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RBVM</span></a>, <a href="https://infosec.exchange/tags/UVM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UVM</span></a></p><p><a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/purplebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purplebook</span></a></p><p><a href="https://infosec.exchange/tags/AppSecCon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSecCon</span></a></p><p><a href="https://infosec.exchange/tags/JourneyToAppSecMaturity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JourneyToAppSecMaturity</span></a></p>
Olaf Eisen<p>Statement of @AntarcticaSouth <a href="https://fediscience.org/tags/ASOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASOC</span></a> on the <a href="https://fediscience.org/tags/Helsinki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Helsinki</span></a> Declaration on Climate Change for Antarctica adopted by @AntarcticTreaty <br>"The Antarctic Treaty Consultative meeting <a href="https://fediscience.org/tags/ATCM45" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ATCM45</span></a> ended this week with outcomes that do not reflect the magnitude of the <a href="https://fediscience.org/tags/climate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>climate</span></a> and <a href="https://fediscience.org/tags/biodiversity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>biodiversity</span></a> crises currently facing the region. ..." @iccenet <span class="h-card"><a href="https://mstdn.social/@Wwf" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Wwf</span></a></span> <br><span class="h-card"><a href="https://mas.to/@umwelthilfe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>umwelthilfe</span></a></span> </p><p><a href="https://www.asoc.org/media-releases/atcm-2023-closing-press-release" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">asoc.org/media-releases/atcm-2</span><span class="invisible">023-closing-press-release</span></a></p>
https://purl.org/rzr#<p><a href="https://purl.org/rzr/playlist#" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">purl.org/rzr/playlist#</span><span class="invisible"></span></a> <a href="https://mastodon.social/tags/LEE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LEE</span></a> my playlist of related videos : <a href="https://mastodon.social/tags/ASoC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASoC</span></a>: Supporting <a href="https://mastodon.social/tags/Audio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Audio</span></a> on an <a href="https://mastodon.social/tags/Embedded" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Embedded</span></a> Board <a href="https://mastodon.social/tags/LiveEmbedded" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LiveEmbedded</span></a> vent 2020</p>
heise online (inoffiziell)It sounds like Star Wars, but security in space has in fact gained enormous importance for the economy, the state and society.<br><a href="https://www.heise.de/news/Bundeswehr-stellt-Weltraumoperationszentrum-in-Dienst-4906457.html" rel="nofollow noopener noreferrer" target="_blank">Bundeswehr puts Space Operations Centre into service</a><br>