20 Dockerfile best practices, free mobile security course, and trade-offs, collusion rings, and more in academia.
Attacking ML models, deep learning side-channel attacks, CSRF and batch GraphQL attacks, how modern static analysis should work.
Stanford Internet Observatory Research Scholar [Riana Pfefferkorn](https://twitter.com/Riana_Crypto) shares her thoughts on legal implications of the Cellebrite hack.
A roadmap for establishing a cloud security program + a task list, thoughts on measuring security, the legal implications of Signal's Cellebrite hack.
Benchmarking infra-as-code scanning tools, offense-focused Jenkins tools, and principles that can help scale security.
An excellent Twitter thread by Dev Akhawe on the value of making this switch, and challenges and lessons learned along the way.
Detecting dependency confusion across many ecosystems, getting started in tech or security, the middle of VCs and products are dying.
Requirements of modern security tooling, graphing your dependencies and their vulnerabilities in Neo4J, and remembering a man who helped so many.
Signal creator finds bugs in Cellebrite, recommendations on hardening CI, using Okta to secure access to AWS accounts at scale.
In the wake of SolarWinds, Dino Dai Zovi describes how he recommends hardening your CI environment.
Moar evidence against memory-unsafe languages, the power of secure reference architectures, and leveraging OpenAPI specs to more effectively detect attack surface.
[tl;dr sec] #78 - Scaling Threat Modeling at Segment, Bootstrapping vs VCs