I focus on avoiding lateral movement instead (e.g. no secrets that allow accessing other machines), but that's really not too hard. And making secrets easily rotatable / system easily rebuildable.
Depends what your attack model is. Personally I consider all of my deployments to be single-user only, aka. if you somehow manage to exploit enough of it to have code exec as user1 the whole damn thing can probably be thrown away anyway.