Three new OAuth2 and OpenID Connect vulnerabilities, great intro/overview of networking concepts, security manager interviews & advancing your career in security.
An argument for why secure design + threat modeling is higher ROI than patching, making code signing easy, finding regex bugs with regexploit or fuzzing.
How Netflix enables development velocity + security with ConsoleMe, Spectre PoC and proposed defenses, and why speed is a superpower.
AWS security for small teams & Well-Architected resources, NFT overview, tools for creating and detecting deepfakes.
JSON libraries parse differently and that can lead to bugs, a number of career advice resources, and how to become compoundingly more effective.
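As an added illustration of the JSON interoperability point (this is example code written for this page, not code from the newsletter or the article it links), the block below shows how one constructed document with a duplicate `"role"` key is read as two different objects depending on whether a parser keeps the first or the last occurrence. Python's `json` module keeps the last value; the first-wins behaviour is modelled with `object_pairs_hook` to stand in for libraries that do the opposite. A strict variant that rejects duplicates is shown as the defensive option.

```python
import json
from typing import Any

# Constructed sample request body: a validator that reads "role" as "user"
# and a backend that reads it as "admin" would disagree about authorization.
DUPLICATE_KEY_DOC = '{"user": "alice", "role": "user", "role": "admin"}'
CLEAN_DOC = '{"user": "alice", "role": "user"}'


def parse_last_wins(doc: str) -> dict[str, Any]:
    """Default Python behaviour: the last duplicate key wins."""
    return json.loads(doc)


def parse_first_wins(doc: str) -> dict[str, Any]:
    """Model a parser that keeps the first duplicate key (hypothetical
    stand-in for libraries with first-wins semantics)."""
    def keep_first(pairs):
        out: dict[str, Any] = {}
        for key, value in pairs:
            out.setdefault(key, value)
        return out
    return json.loads(doc, object_pairs_hook=keep_first)


def parse_strict(doc: str) -> dict[str, Any]:
    """Defensive variant: refuse documents with duplicate keys at any depth
    instead of silently picking one interpretation."""
    def reject_duplicates(pairs):
        out: dict[str, Any] = {}
        for key, value in pairs:
            if key in out:
                raise ValueError(f"duplicate key: {key!r}")
            out[key] = value
        return out
    return json.loads(doc, object_pairs_hook=reject_duplicates)


def has_duplicate_keys(doc: str) -> bool:
    """True if the document would be interpreted differently by
    first-wins and last-wins parsers."""
    try:
        parse_strict(doc)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("last wins :", parse_last_wins(DUPLICATE_KEY_DOC)["role"])
    print("first wins:", parse_first_wins(DUPLICATE_KEY_DOC)["role"])
    print("duplicates:", has_duplicate_keys(DUPLICATE_KEY_DOC))
```

The practical takeaway is to canonicalize once at the trust boundary: parse with the strict variant (or re-serialize and forward the normalized document) so every downstream component sees the same object.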
Tips + a Burp extension for finding access control issues, tools and reflections on supply chain security, an architecture for multi-account security logging in AWS.
Tips and best practices for securing your CI/CD pipeline, Electron tooling and dangerous APIs, what to focus on instead of virality to grow your userbase.
[tl;dr sec] #70 - Scaling Threat Modeling, Dependency Confusion
Valuable cloud security scenarios to think through, leveraging the Handlebars templating engine for local file read or RCE, check your GKE cluster against CIS.
How AWS secures Lambda, Daniel Miessler's overview of @TomNomNom's recon tools, how to demonstrate high impact when you can't see the SSRF response.
[tl;dr sec] #67 - Infra as Code, Cloud Auto-remediation
A tool to create IaC from an existing AWS environment, container defense-in-depth with user namespaces, rewriting things in Rust.