Archive

NewsletterNewsletter
[tl;dr sec] #129 - Maximizing Bug ROI, Tamper-proof GitHub Builds, Being Vulnerable

[tl;dr sec] #129 - Maximizing Bug ROI, Tamper-proof GitHub Builds, Being Vulnerable

How Flipkart gets the most value from every vulnerability, setting up a SLSA 3 GitHub Action build process, the power of being vulnerable.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #128 - Security Engineering, CI/CD Goat, Docker Security Playground

[tl;dr sec] #128 - Security Engineering, CI/CD Goat, Docker Security Playground

How Chime empowers developers to own security via internal tools, purposefully vulnerable CI/CD exercises, a microservices-based framework for learning network security.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #127 - Trufflehog V3, The Future of InfoSec, IaC Scanning

[tl;dr sec] #127 - Trufflehog V3, The Future of InfoSec, IaC Scanning

The revamped secret scanner now is faster and finds more secrets, future projecting where the industry is headed, and security scanning infrastructure as code.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #126 - How to Review Your Company's Infrastructure, Kubernetes DFIR, Security for Start-ups

[tl;dr sec] #126 - How to Review Your Company's Infrastructure, Kubernetes DFIR, Security for Start-ups

How to review the security architecture of a multi-cloud environment and find the most critical components, responding to incidents in k8s, advice for start-ups without a security team.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #125 - Hacking a Billionaire, Automating Incident Response in AWS, Exploiting/Hardening GitHub Actions

[tl;dr sec] #125 - Hacking a Billionaire, Automating Incident Response in AWS, Exploiting/Hardening GitHub Actions

Rachel and Evan Tobac vs. Jeffrey Katzenberg, a framework for automatically isolating an EC2 instance and gathering what you need, attacking and hardening GitHub Actions and repos.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #124 - GraphQL Cop, GitLab CI/CD CTF, NSA's Network Infrastructure Security Guidance

[tl;dr sec] #124 - GraphQL Cop, GitLab CI/CD CTF, NSA's Network Infrastructure Security Guidance

Tool to test GraphQL APIs, learn to exploit and pivot a target GitLab instance, PDF by NSA on hardening your network.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #123 - AWS Security Reference Architecture, DevSecOps Playbook, Analyzing Malicious Documents

[tl;dr sec] #123 - AWS Security Reference Architecture, DevSecOps Playbook, Analyzing Malicious Documents

60 page PDF on using AWS security services in multi-account environment, how to introduce DevSecOps in your company, tools to examine malicious Office docs.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #122 - Developer Experience is Security, Everything as Code Survey, Graph-based Asset Management

[tl;dr sec] #122 - Developer Experience is Security, Everything as Code Survey, Graph-based Asset Management

Why DevX is so important for security, 50+ examples of Foo as Code, ingest all of your assets and query them in Neo4J.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #121 - Container Security Checklist, DevSecOps & Automating Compliance, Proactive Subdomain Takeovers

[tl;dr sec] #121 - Container Security Checklist, DevSecOps & Automating Compliance, Proactive Subdomain Takeovers

A dense checklist of container hardening steps, Cloud Security Alliance whitepaper on automating compliance and better relating it to security requirements, tool to preemptively take over your subdomains before attackers can.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #120 - Supply Chain & Hardening CI, Automate Yourself out of Oncall Burnout, Eliminating Subdomain Takeovers

[tl;dr sec] #120 - Supply Chain & Hardening CI, Automate Yourself out of Oncall Burnout, Eliminating Subdomain Takeovers

A thoughtful redesign of CI to mitigate harm from malicious dependencies, how to automate your IR playbooks, tool to eliminate dangling Elastic IP takeovers.

Clint Gibler
Clint Gibler
SummarySummary
Dev Akhawe’s Follow-up on Figma’s Experience Switching to WebAuthN

Dev Akhawe’s Follow-up on Figma’s Experience Switching to WebAuthN

The good, the bad, and the lessons learned.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #119 - Picking the Right Terraform Security Tool, BloodHound for Cloud, Awesome-Security-Hardening

[tl;dr sec] #119 - Picking the Right Terraform Security Tool, BloodHound for Cloud, Awesome-Security-Hardening

Bake-off of multiple Terraform static analysis tools, tool to identify privilege escalation paths within and across different clouds, collection of security hardening best practices, checklists, benchmarks, tools, and more.

Clint Gibler
Clint Gibler
FirstBack
1112131415161718
Next Last