Merge pull request #40 from danielvonwi/v3
adding BeyondCorp, Falco, SonarQube and STRIDE
This commit is contained in:
Bastian
GitHub
1
.gitignore
vendored
1
.gitignore
vendored
@@ -4,3 +4,4 @@ dist
|
|||||||
node_modules
|
node_modules
|
||||||
npm-debug.log
|
npm-debug.log
|
||||||
yarn-error.log
|
yarn-error.log
|
||||||
|
aoe_technology_radar.iml
|
||||||
|
|||||||
12
radar/2019-11-01/beyondcorp.md
Normal file
12
radar/2019-11-01/beyondcorp.md
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
title: "BeyondCorp"
|
||||||
|
ring: trial
|
||||||
|
quadrant: methods-and-patterns
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
BeyondCorp is a Zero Trust framework that evolved at Google.
|
||||||
|
With the surge of cloud technologies and micro services the network perimeter is ever disappearing.
|
||||||
|
This provides challenges for authentication of subjects that used to heavily rely on network segments.
|
||||||
|
With Zero Trust no assumption is made about how far something can be trusted, everything is untrusted by default and authentication and authorisation happens all the time, not just once.
|
||||||
|
While network segments and VPN connections may still have relevance in specific areas AOE is increasingly implementing BeyondCorp in all its components and services with implementing OAuth and OpenID Connect.
|
||||||
11
radar/2019-11-01/falco.md
Normal file
11
radar/2019-11-01/falco.md
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
title: "Falco"
|
||||||
|
ring: assess
|
||||||
|
quadrant: tools
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Falco is an open source project for intrusion and abnormality detection for Cloud Native platforms such as Kubernetes.
|
||||||
|
It detects abnormal application behavior and sends alerts via Slack, Fluentd, NATS, and more.
|
||||||
|
|
||||||
|
We are assessing Falco to add another angle to host based intrusion detection and alerting.
|
||||||
@@ -4,3 +4,6 @@ ring: trial
|
|||||||
quadrant: tools
|
quadrant: tools
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
At AOE, we are using SonarQube to get a historical overview of the code quality in our Projects. With SonarQube, you can get a quick insight into the condition of your code. It analyzes many languages and provides numerous static analysis rules.
|
||||||
|
SonarQube is also being used for Static Application Security Testing (SAST) which scans our code for potential security vulnerabilities and is an essential element of our Secure Software Development Lifecycle.
|
||||||
19
radar/2019-11-01/stride-threat-modeling.md
Normal file
19
radar/2019-11-01/stride-threat-modeling.md
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
title: "STRIDE Threat Modeling"
|
||||||
|
ring: trial
|
||||||
|
quadrant: methods-and-patterns
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
STRIDE is a model of threat groups that helps to identify security threats to any application, component or infrastructure.
|
||||||
|
|
||||||
|
The acronym stands for:
|
||||||
|
|
||||||
|
* Spoofing
|
||||||
|
* Tampering
|
||||||
|
* Repudiation
|
||||||
|
* Information disclosure
|
||||||
|
* Denial of service
|
||||||
|
* Elevation of privilege
|
||||||
|
|
||||||
|
AOE is applying the threat model in collaborative sessions using the [Elevation of Privilege Card Game](https://social.technet.microsoft.com/wiki/contents/articles/285.elevation-of-privilege-the-game.aspx) which helps to spark imagination and makes threats more tangible.
|
||||||
Reference in New Issue
Block a user