Issue 56, 26.2.2021
Researchers identify four causes of "Zoom fatigue" and their simple fixes
"Those video calls are likely tiring you out." tl;dr;
- Excessive amounts of close-up eye contact is highly intense.
- Seeing yourself during video chats constantly in real-time is fatiguing.
- Video chats dramatically reduce our usual mobility.
- The cognitive load is much higher in video chats.
OWASP Top 10 for Web
"Inspired by real-world vulnerabilities and case studies, we have created a series of interactive application security training modules to help developers understand, identify and mitigate security vulnerabilities in their applications."
3 Ways to Mitigate Risk When Using Private Package Feeds
"Microsoft whitepaper on best practices to follow to reduce risks against substitution attacks." (from Cloud Security List)
How to use Docker Security Scan Locally
"Docker and Snyk recently entered into a partnership to provide container vulnerability scanning to official images on Docker Hub. Additionally, Docker has integrated scanning directly into Docker for Desktop clients." (from Cloud Security List)
Introducing GKE Autopilot: a revolution in managed Kubernetes
"Autopilot is a new mode of operation in Google Kubernetes Engine (GKE). Autopilot clusters are pre-configured with an optimized cluster configuration that is ready for production workloads. This streamlined configuration follows GKE best practices and recommendations for cluster and workload setup and security." You can achieve "the same" by manually ticking the right options.
A Practical Guide to Writing Secure Dockerfiles
How to write secure Dockerfiles, and how to automate security checks as codified policies and validate them against the Dockerfiles to identify potential security risks before deploying them into production. (from Cloud Security List)
Tools of the trade
"sKan is a Kubernetes configuration files and resources scanner that enables developers and devops team members to check whether their work is compliant with security & ops best practices." (from Cloud Security List)