
Devsec Links #05

Fernando Guisso
DevSec Links - This article is part of a series.
Part 5: This Article

Written by Geovana & Guisso

Curiosity of the month

On July 12, 1985, a significant event in information security took place: the “Private Sector Bust”. The FBI, the Secret Service, and local authorities executed seven search warrants in New Jersey, targeting Bulletin Board System (BBS) operators for alleged “complicity in computer theft”. Targets included the sysops of the Private Sector and NJ Hack Shack BBSs, as well as users known by pseudonyms such as Store Manager, Beowulf, and The Vampire. As one of the first legal actions against cybercrime, the event illustrated how the regulatory environment around cybersecurity was beginning to evolve.

Erosion of Trust: Unmasking Supply Chain Vulnerabilities in the Terraform Registry

The publication “Erosion of Trust: Unmasking Supply Chain Vulnerabilities in the Terraform Registry” reveals vulnerabilities in the Terraform Registry supply chain. It shows how malicious packages can be introduced and abused, the resulting risk of compromising the resources Terraform manages, and the importance of preventive measures such as verifying the integrity and authenticity of the modules you consume.

A Medium Dive into Web Application Authentication

This study covers authentication in web applications, including session-based, token-based, and multi-factor authentication. It addresses common challenges and best practices, such as strong passwords, protection against brute-force attacks, and the adoption of modern flows like OAuth and OpenID Connect. The article offers valuable insights for developers and security professionals looking to improve authentication in their web applications.

API Authentication in Depth

This guide covers API authentication, exploring different methods including access tokens, OAuth, and key-based authentication, and provides practical implementation examples. It also discusses recommended practices for keeping API authentication secure. Reading it in full is recommended for a comprehensive understanding of the subject.

Application Security Through the Lens of Developer Experience

The text addresses the importance of integrating application security into the development process. The author argues that by prioritizing developer experience (DevEx) and providing adequate tools and resources, teams can build more secure applications and reduce the risk of security breaches. It also covers best practices such as security training for developers, collaboration between development and security teams, and the need for a proactive rather than reactive approach.

Pentests: What are the differences between Audit/Compliance Tests, Automated Tests, and Pentests?

The article explores the distinctions between audit/compliance tests, automated tests, and pentests, highlighting how each addresses specific aspects of system and network security. It emphasizes the importance of combining these approaches to obtain a comprehensive security assessment, and is a useful read for understanding the different testing techniques and when each applies.

Good Practices for Supply Chain Cybersecurity

The report presents an overview of supply chain cybersecurity practices adopted by essential and important organizations in the EU. It is based on the results of a study conducted by ENISA in 2022, which analyzed cybersecurity investments made by EU organizations.

Stronger Supply Chain Security Coming to Argo

The article addresses the importance of supply chain security and presents SLSA (Supply Chain Levels for Software Artifacts) as a key framework for securing the software build and distribution process. The Argo project is highlighted as a platform adopting SLSA to strengthen its supply chain security; by implementing SLSA, Argo helps ensure the integrity and reliability of its software artifacts throughout the supply chain.

GlobotechCast - Safe Internet, do you know how to protect yourself?

In this episode, Rodrigo Nejm from Safernet Brasil, Vinicius Brasileiro, Information Security Manager at Globo, and Anselmo Caparica, reporter at Globo SP, explain how to avoid online traps and keep your family safe, with clear, practical tips.
