Security
REST/gRPC
JWT
keys
IP white list
OAuth
exploration tools
DDoS protection
Updating packages
k8s
upgrade
RBAC
Container security
control image vulnerabilities
manage access
Cluster network policies
emergency deploy
practices
schedule manual procedures
api keys
sending keys by email/slack
storing in wrong places
rotation procedure
BeyondCorp certificates
Code review
check list
automated check with special software
Review typical vulnerabilities
CSRF
MITM
XSS
SQL-Injection
Hard-coded keys
Debug Mode off
Update libraries
learning trends and risks in IT security
Google Cloud Platform
Cloud SQL
granular access rights
clean up unused service accounts
access logs monitoring
Data security
GDPR and other legal aspects
Continuous risk analysis
Organization Changes
Risk Management
Issues prioritisation
Planning risk mitigation with OKRs
Audit
Monitoring
Setup monitoring software
Access logs
Setup security alerts
used packages with discovered vulnerabilities
Designing Threat Model
Machines
limit access with a password
password rotation
shizuoka server
Web Site / Managers
CSRF
Roles review