Archive

NewsletterNewsletter
[tl;dr sec] #152 - Infra as Code Security, Linux Distro for Supply Chain Security, CI/CD Security

[tl;dr sec] #152 - Infra as Code Security, Linux Distro for Supply Chain Security, CI/CD Security

Detailed IaC security guide with ~90 references, new Linux with default security measures for the software supply chain, securing and attacking SCM and CI systems.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #151 - Why Security Products Fail, Pentesting.Cloud, CVE North Stars

[tl;dr sec] #151 - Why Security Products Fail, Pentesting.Cloud, CVE North Stars

Why security products can be ineffective, cloud pen testing exercises, review CVEs to learn vulnerability discovery.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #150 - How to Start an AppSec Program with the OWASP Top 10, Leadership in Cybersecurity, Magic GitHub API Proxy

[tl;dr sec] #150 - How to Start an AppSec Program with the OWASP Top 10, Leadership in Cybersecurity, Magic GitHub API Proxy

Building an effective and scalable AppSec program by leaning into secure defaults, leadership tips, proxy that enables least privilege use of GitHub API tokens.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #149 - Incident Response in AWS, CISA's Supply Chain Security Guidance, Recon

[tl;dr sec] #149 - Incident Response in AWS, CISA's Supply Chain Security Guidance, Recon

How to prep for and handle an incident in AWS well, detailed PDF guide by NSA and CISA on software supply chain security, various OSINT and recon tools.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #148 - OWASP Kubernetes Top 10, GraphQL Batching Attacks, Abusing Debugging in Electron Apps

[tl;dr sec] #148 - OWASP Kubernetes Top 10, GraphQL Batching Attacks, Abusing Debugging in Electron Apps

Top 10 Kubernetes ecosystem risks to consider, more effective GraphQL brute forcing woth Turbo Intruder, running arbitrary JavaScript in Electron apps.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #147 - Twitter Whistleblower, CI/CD Security, How to Think About Endpoint Security

[tl;dr sec] #147 - Twitter Whistleblower, CI/CD Security, How to Think About Endpoint Security

Mudge's accusations of Twitter's security posture, identity management risks in GitHub orgs, comparing 6 CI providers and examining GH workflows at scale, Ryan McGeehan offers valuable context on how to think of Mudge's Twitter endpoint comments and thinking about endpoint security at your company.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #146 - CI/CD Security, Lightweight Approach to Secure SDLC, End-to-End Threat Detection Rule Testing

[tl;dr sec] #146 - CI/CD Security, Lightweight Approach to Secure SDLC, End-to-End Threat Detection Rule Testing

Lessons learned compromising real world CI/CD pipelines, how to implement a lightweight SSDLC, new framework to ensure your threat detection rules work, from logging to processing pipeline to alerting.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #145 - Defending Against Phishing, iOS Privacy, DEF CON Advice

[tl;dr sec] #145 - Defending Against Phishing, iOS Privacy, DEF CON Advice

Cloudflare's write-up on a sophisticated phishing campaign, examining Meta apps' privacy implications and iOS16's Lockdown Mode, be yourself and find your tribe at DEF CON

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #144 - Hacker Summer Camp, Building ProdSec from Scratch, IAM-Deescalate

[tl;dr sec] #144 - Hacker Summer Camp, Building ProdSec from Scratch, IAM-Deescalate

How to stay healthy and get the most out of Vegas this year, how to build a ProdSec program from scratch, tool to mitigate privilege escalation risks in AWS.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #143 - Career Advice, SBOM, Attack Surface Monitoring

[tl;dr sec] #143 - Career Advice, SBOM, Attack Surface Monitoring

How to get into AppSec, getting a raise, and other career advice, SBOM tools, how to build your own ASM with ProjectDiscovery tools

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #142 - OAuth Security, Cryptocurrency, Being Able to Speak Business

[tl;dr sec] #142 - OAuth Security, Cryptocurrency, Being Able to Speak Business

OAuth bugs that lead to single-click account takeovers, crypto wallet exploits and Ethereum smart contract best practices, the importance of being able to communicate in business metrics and outcomes.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #141 - CIS Supply Chain Security Guide, Static Analysis on Binaries, Machine Learning

[tl;dr sec] #141 - CIS Supply Chain Security Guide, Static Analysis on Binaries, Machine Learning

New CIS software supply chain security whitepaper and tool, finding vulnerabilities in binaries using static analysis, impressive ML tools and attacking ML systems.

Clint Gibler
Clint Gibler
FirstBack
910111213141516
Next Last