by tasssko
1871 days ago
Most of these tips are covered by ISO 27001 and other similar certifications, and I consider it MVP security. You will need to do more today to stay ahead, especially if you manage or protect valuable assets. Some tips that come to mind are: manage ingress traffic to your web property with a web application firewall. Set up machine learning to automate blacklist detection and dynamically update blacklists. Use the principle of least privilege and role-based access to manage users. Protect root accounts with WebAuthn and avoid using them. Set up conditional access control policies to ensure certain roles have more stringent constraints. Mind your dependencies; many future exploits will come from dependencies. Partition your pipelines so environments are isolated. Monitor egress traffic if possible. Use VPNs to connect environments, but don't use VPNs if you don't know how to monitor them (it's a complex abstraction and IPsec can be tricky). Once all these technical considerations are in progress, consider the developer onboarding process and application connectivity: try to implement context segmentation to avoid creating root services, and make sure all activities are logged to a monitored aggregator. Look for suspicious activity that can originate in the source. The list goes on and on and on.