csp Archives - My Battles With Technology

Tuning My Content Security Policy

February 18, 2023October 16, 2022 by Scott

In my Getting Started With a Content Security Policy post, I setup a report only CSP policy so that I could try and identify things that could test out a policy before implementing it. It is time to parse through the results and see what needs to be updated in my deployed policy. The original … Read more

Getting Started With a Content Security Policy

February 18, 2023October 2, 2022 by Scott

I recently needed to setup Content Security Policy (CSP) on a website and I couldn’t think of where to get started. The first question that came to mind was what all content do I allow and how do I test everything without having to look through all of the code on the site. This is … Read more

Demystifying AWS Security: A Beginner’s Guide to Key Concepts and Services
Managing firewalls, VLANs, and access control lists might be second nature in a traditional IT setting. But when it comes to AWS, the terminology and tools can seem foreign. This beginner’s guide aims to bridge that gap, translating AWS security concepts into the world of on-premise security you already know. Why AWS Security Matters AWS ... Read more
Hardening Your CI/CD: Terraform, Docker, and Kubernetes Security
As I continue this series on CI/CD pipeline security, it is time to now work on securely building and deploying our application. This post picks up where my Build Secure Python Pipelines: Adding Tests and Hooks in Action post left off. In this post, we’ll continue our pipeline development by adding a container build and ... Read more
Build Secure Python Pipelines: Adding Tests and Hooks in Action
As we continue this series started in my Getting Started with Secure CI/CD: Essential Practices for Beginners post, I’ll be securing my Python code with automated testing and hooks. While some of this information builds on some previous posts I’ve created in the past, I still wanted to incorporate these together in a meaningful way. ... Read more
Cribl Splunk_HEC Datasource: The Ultimate Guide for Kubernetes Log Ingestion
After writing my From Scattered to Splunk: Bringing Order to Your Kubernetes Logs post, a buddy of mine Danny Ansell (oh by the way he does work for Cribl and used to work for Splunk) suggested that I could always import my logs into Cribl as well. I’m madly in love with Splunk and do ... Read more
Getting Started with Secure CI/CD: Essential Practices for Beginners
I think it’s time to focus on a few key practices for beginners to implement secure CI/CD. I’ve been building the idea on the idea of a CI/CD pipeline in a bunch of the below posts: All of these articles are a scattering of topics based upon some of the daily randomness that I’ve faced ... Read more