January - 2023

ReInforce the power of your AWS scanning with Trivy

LEVEL: BEGGINNER As we already know, AWS counts with a useful tool to scan our images for vulnerabilities when we push them to our registry. On this TeraTip we are going to add an extra security layer: we are going to make use of an open-source tool called Trivy. Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues and targets where it can find those issues. Targets (what Trivy can scan): Container Image Filesystem Git Repo

Keeping our S3 buckets safe in transit and in rest

When using AWS S3, our favorite AWS service for keeping static files, we have two ways of uploading objects, by HTTP or HTTPS, when we (or our applications) store files using the HTTP endpoint of S3, all the traffic that we send to S3 travels unencrypted. If we use HTTP instead of HTTPS all requests and responses can be read by anyone monitoring the session so that any malicious actor can intercept the data. Never share your personal data on a website that doesn’t show the fo

What did AWS Re: Invent bring us in terms of Security?

Re: Invent is the most anticipated event by the AWS community, not only because of the networking and relationships that are based there but also because it is time to learn first-hand what new tools or features AWS will offer us for this new cycle. In the case of security, the announcements have contemplated various tools, let's see what they are about. Amazon Security Lake Allows you to centralize security events automatically from cloud, on-premises, and custom security so