Archive

NewsletterNewsletter
[tl;dr sec] #119 - Picking the Right Terraform Security Tool, BloodHound for Cloud, Awesome-Security-Hardening

[tl;dr sec] #119 - Picking the Right Terraform Security Tool, BloodHound for Cloud, Awesome-Security-Hardening

Bake-off of multiple Terraform static analysis tools, tool to identify privilege escalation paths within and across different clouds, collection of security hardening best practices, checklists, benchmarks, tools, and more.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #118 - Atomic Red Team for Cloud, Security Program Building, How Not to Do Secrets

[tl;dr sec] #118 - Atomic Red Team for Cloud, Security Program Building, How Not to Do Secrets

Tool to test your cloud detections, how to build and scale a security program, OWASP project to teach you how not to manage secrets.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #117 - WebSocket Security, Securing Dependencies, Authorization Approaches

[tl;dr sec] #117 - WebSocket Security, Securing Dependencies, Authorization Approaches

Great talk on WebSocket security + tool release, understanding your dependencies and the power of lockfiles, enforcing authz at compile time and authz in microservices.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #116 - Secrets of Successful Security Programs, Supply Chain, Killing Bug Classes

[tl;dr sec] #116 - Secrets of Successful Security Programs, Supply Chain, Killing Bug Classes

A masterclass in building a modern, scalable security program by Phil Venables, GitHub Action to check your supply chain security posture, Chrome feature to protect against CSRF and DNS rebinding.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #115 - Mac Malware of 2021, Preventing SSRF, Moxie on web3

[tl;dr sec] #115 - Mac Malware of 2021, Preventing SSRF, Moxie on web3

Patrick Wardle's analysis of a year of Mac malware, library to safely make HTTP requests, and Moxie experiments with distributed apps.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #114 - Web Security, Detecting Container Drift, Reviewing 2021's Cloud Breaches

[tl;dr sec] #114 - Web Security, Detecting Container Drift, Reviewing 2021's Cloud Breaches

CSRF, web cache poisoning, and SSRF, detecting/fixing container drift at runtime, and three frequent sources of cloud security breaches and vulnerabilities in 2021.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #113 - Log4Shell, Security Metrics, Cloud Detections at Scale

[tl;dr sec] #113 - Log4Shell, Security Metrics, Cloud Detections at Scale

Resources for the vuln that's keeping you away from your family, how to do security metrics effectively, how Netflix scales cloud detections using Snare.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #112 - re:Invent, Python Security, Cloud Service Provider Mistakes

[tl;dr sec] #112 - re:Invent, Python Security, Cloud Service Provider Mistakes

Round-up articles about re:Invent, examining Python package security, Scott Piper's repo of AWS, GCP, and Azure mistakes and vulnerabilities.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #111 - This Shouldn't Have Happened, Humble Hacking Bundle, Why NFTs are Bad

[tl;dr sec] #111 - This Shouldn't Have Happened, Humble Hacking Bundle, Why NFTs are Bad

An impactful bug in heavily tested C/C++, great security books for cheap, technical and economic reasons why NFTs are bad and don't work.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #110 - From What to How in Cybersecurity, Detection Engineering for Kubernetes, Fuzzing

[tl;dr sec] #110 - From What to How in Cybersecurity, Detection Engineering for Kubernetes, Fuzzing

Jason Chan BSidesRDU keynote, detecting privilege escalation in Kubernetes, network fuzzing and fuzzing DRAM to discover rowhammer vulns.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

A tool to detect misconfigured session implementations, scanning Docker Hub for secrets and determining the impact of leaked secrets, Semgrep rule for the Trojan Source bug.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

What SolarWinds did after the attack their new high assurance build system, how to succeed as the only cloud security practitioner in your company, how Netflix uses risk to make informed decisions.

Clint Gibler
Clint Gibler
FirstBack
1213141516171819
Next Last