I maintain a few Free / Open Source Software (FOSS) projects, most of which are hosted on GitHub under my GitHub.com/wesley-dean account. Here are the highlights:

1. upload-sarif-to-defectdojo now has cleaner documentation, better git branch detection, error messages, improved dry-run functionality, nicer missing SARIF file detection, and dependency detection and reporting.
2. aws_ssh_authentication_helper now has better documentation, far better dependency checking, safer username checking, much cleaner local group management, support for much wider distribution support (RHEL, Ubuntu, Alpine / Busybox), and improved documentation (security implications, installation support with user_data, etc.)
3. publish_image has been renamed (it was publish_container). The documentation is now better, there were a bunch of edge cases for less-used registries, improved detection of missing Dockerfiles, quick ending (with success) when there were no credentials or a Dockerfile found in the repo (should be safer for use in template repos), and cleaned up some some AWS account functionality.

How Can Security Incident Essentials Help Mitigate Major Breaches

A departure from my MegaLinter articles on Flexion's blog, this is an exploration of security incident essentials and how they can help manage the impact of major breaches.

Background

Mikrotik produces a variety of exceptional networking products including routers, switches, access points, and much more. Many of their devices run an operating system known as RouterOS. RouterOS provides a variety of interfaces, including a terminal, a web interface, API access, and more. That said, RouterOS devices, regardless of the foundation upon which they're built, don't provide a true shell -- you can't get a Bash shell, nor can you install arbitrary applications. Therefore, if we're going to use outside tools like Let's Encrypt or certbot, then we need to run them on a general-purpose system (e.g., Linux).

I use, enjoy, and advocate for Mikrotik devices running RouterOS. I'm reminded of my experiences of working with Cisco hardware -- the good parts, not the anxiety-ridden, late-night service calls to get our 6513s back online. Mikrotik gives me the configurability and stability of enterprise-grade hardware at prices that are closer to consumer-grade hardware.

In my home network, I use all Mikrotik networking equipment. It's rock-solid stable and performs extremely well.

One of my challenges, however, was configuring SSL / TLS on the web interface. Sure, RouterOS provides functionality to generate certificates and even to self-sign them. That's cool. What I really wanted was for the devices to use certificates signed by certificate signing authorities that my browser would trust out of the box.

Read More