My Love/Hate Relationship with Cloud Custodian
I’m a huge fan of the Cloud Custodian tool. If you hear the name for the first time - it’s an open-source rules engine for cloud security, cost optimization, and governance.
GitHub’s Dependabot feature allows you to detect and fix vulnerabilities in code dependencies across all your repositories (public and private). Despite being a handy tool for securing the software supply chain, it’s missing a very important feature.
Removing secrets from a git repo is straightforward. With the help of BFG Cleaner and the privileges to force-push the modified history, it’s a piece of cake.
I believed this until I found out I was partially wrong - removing something from git history doesn’t remove it from the git repository’s history.
If you listen to anyone discussing AWS security, you’ve probably heard about Amazon GuardDuty. It’s an intelligent “threat detection” service from AWS. It’s similar to an IDS in that it detects issues but doesn’t prevent them.
CloudQuery and Steampipe have very similar functionality. The actual difference lies in the way they work and the problems they solve. This blog post compares the two tools and helps you answer the question: What should I use - CloudQuery or Steampipe?
AWS WAF might be your first layer of defense against attacks on websites hosted on AWS. While WAF does its best at blocking web attacks, it doesn’t stop web abuse - like bot attacks involving API abuse. For example, submitting comments on pages, credential spraying, OTP brute-force/resend, etc.