undefined | Better HN

0 pointsbeardedwizard2y ago0 comments

here is a simple example: DDoS is handled on almost every app platform a developer can deploy on, but misconfigured cloud resources (#5 in the newest OWASP top 10) is not described here at all. In fact, the cloud primitives of compute, storage and workloads are not described and instead classic 2000's network security is covered.

0 comments

ZeroSolstice2y ago

The lectures aren't a how-to guide. The items that are explained are to provide reference to the lecture material. For example the apache2 setup could just as easily be nginx, lighttpd on Windows, FreeBSD, Redhat, etc. Its explaining the concept of a DDoS, malware, viruses, spam, cryptography. Cloud primitives? how would that relate to computer and network security instead of being covered in an operating systems course? They are just abstractions of physical hardware properties and would be specific to the implementation you were working on, ie AWS, GCP, Azure, etc. Any specific implementation or security is completely dependent on what the vendor implements and is ephemeral.

The OWASP top 10 is self described as an awareness document[1] it wouldn't be something you teach a college course on.

[1] https://owasp.org/Top10/A00_2021_How_to_use_the_OWASP_Top_10...

j / k navigate · click thread line to collapse

0 pointsbeardedwizard2y ago0 comments

0 comments

ZeroSolstice2y ago

The OWASP top 10 is self described as an awareness document[1] it wouldn't be something you teach a college course on.

[1] https://owasp.org/Top10/A00_2021_How_to_use_the_OWASP_Top_10...

j / k navigate · click thread line to collapse