Introduction

What?

Securing GCP services.

Why?

To be able to support the desperate better.

How?

  • Compute Engine (GCE) and VM instances
  • SQL for MySQL
  • Kubernetes Engine (GKE)
  • Functions
  • Storage
  • Persistent Disk
  • Filestore
  • Container Storage Interface (CSI)
  • Virtual Private Cloud (VPC)
  • Managed DNS
  • Content delivery network (CDN)
  • Managed VPN
  • Armor
  • Google Cloud IAM


Unseen University, 2024, with a forest garden fostered by /ut7.