Share this postWeekly DevSecOps Updates - Issue #6www.secureallsoftware.comCopy linkFacebookEmailNoteOtherWeekly DevSecOps Updates - Issue #6Andreas TiefenthalerNov 29, 2018Share this postWeekly DevSecOps Updates - Issue #6www.secureallsoftware.comCopy linkFacebookEmailNoteOtherShareLinksRead up on the details about the event-stream incident on the npm blog. Find out how a malicious NPM package made its way into many projects as a hidden dependency.The power of AWS IAM is tremendous. It can make or break a cloud infra’s security posture. Securing resources across several teams, projects, and environments is much easier with this IAM permissions checklist.Many companies gather way too much personal data. Some even trade the data and make money out of it. But what is the damage when the data gets breached?This is an Open Source version of 'Security Training for Engineers', PagerDuty's internal employee technical security training. It is open to all PagerDuty employees as part of their continuous security training program.Passwords are not the best way to protect accounts. What are the ways of improving their security, and how do they work?Tools and TechThe OWASP community released the first draft of top 10 security issues for serverless projects. If you are working with this new exciting technology you should take a look.Performs automated audits using public facing APIs of cloud providers and alerts on insecure configurations. Use this to complement your terraform automation.Watch & ListenLast, but not least, check out this webinar with the node-security working group. They cover many aspects of development, DevOps and security for the modern age.