Merge pull request #40 from danielvonwi/v3

adding BeyondCorp, Falco, SonarQube and STRIDE
2019-12-20 13:11:12 +01:00
parent 3b483bd7fc ac31732234
commit 90f3aa0705
5 changed files with 47 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@
 dist
 node_modules
 npm-debug.log
-yarn-error.log
+yarn-error.log
+aoe_technology_radar.iml
--- a/radar/2019-11-01/beyondcorp.md
+++ b/radar/2019-11-01/beyondcorp.md
@@ -0,0 +1,12 @@
+---
+title:      "BeyondCorp"
+ring:       trial
+quadrant:   methods-and-patterns
+
+---
+
+BeyondCorp is a Zero Trust framework that evolved at Google.
+With the surge of cloud technologies and micro services the network perimeter is ever disappearing. 
+This provides challenges for authentication of subjects that used to heavily rely on network segments.
+With Zero Trust no assumption is made about how far something can be trusted, everything is untrusted by default and authentication and authorisation happens all the time, not just once.
+While network segments and VPN connections may still have relevance in specific areas AOE is increasingly implementing BeyondCorp in all its components and services with implementing OAuth and OpenID Connect.
--- a/radar/2019-11-01/falco.md
+++ b/radar/2019-11-01/falco.md
@@ -0,0 +1,11 @@
+---
+title:      "Falco"
+ring:       assess
+quadrant:   tools
+
+---
+
+Falco is an open source project for intrusion and abnormality detection for Cloud Native platforms such as Kubernetes. 
+It detects abnormal application behavior and sends alerts via Slack, Fluentd, NATS, and more.
+
+We are assessing Falco to add another angle to host based intrusion detection and alerting.
--- a/radar/2019-11-01/sonarqube.md
+++ b/radar/2019-11-01/sonarqube.md
@@ -4,3 +4,6 @@ ring:       trial
 quadrant:   tools

 ---
+
+At AOE, we are using SonarQube to get a historical overview of the code quality in our Projects. With SonarQube, you can get a quick insight into the condition of your code. It analyzes many languages and provides numerous static analysis rules.
+SonarQube is also being used for Static Application Security Testing (SAST) which scans our code for potential security vulnerabilities and is an essential element of our Secure Software Development Lifecycle.
--- a/radar/2019-11-01/stride-threat-modeling.md
+++ b/radar/2019-11-01/stride-threat-modeling.md
@@ -0,0 +1,19 @@
+---
+title:      "STRIDE Threat Modeling"
+ring:       trial
+quadrant:   methods-and-patterns
+
+---
+
+STRIDE is a model of threat groups that helps to identify security threats to any application, component or infrastructure.
+
+The acronym stands for:
+
+* Spoofing
+* Tampering
+* Repudiation
+* Information disclosure
+* Denial of service
+* Elevation of privilege
+
+AOE is applying the threat model in collaborative sessions using the [Elevation of Privilege Card Game](https://social.technet.microsoft.com/wiki/contents/articles/285.elevation-of-privilege-the-game.aspx) which helps to spark imagination and makes threats more tangible.