Warm & Fuzzy – ASW #92

Apps must protect the data they collect. How can DevOps teams apply effective controls like strong authentication and authorization? How do cloud services help or hinder encrypting data? Envelope encryption uses multiple keys to protect data. It's a scalable pattern for protecting data and is nicely documented for AWS, Azure, and GCP. Be warned that each provider uses slightly different terminology for the same principle components. Kubernetes also supports this pattern. Data is also an attack vector that apps must protect themselves against. How relevant is the security recommendation of "use input validation" for modern apps? How can apps that rely on user-generated content or microservice architectures handle data securely?

PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Pratt & Whitney Expects GTF Engine Software Update on A220 Jet in Spring, Building a more private web: A path towards making third party cookies obsolete and making the User-Agent less revealing about the user, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities.