Archive

NewsletterNewsletter
[tl;dr sec] #90 - Eradicating Subdomain Takeovers, GitHub's AI Pair Programmer, Testing File Upload Functionality

[tl;dr sec] #90 - Eradicating Subdomain Takeovers, GitHub's AI Pair Programmer, Testing File Upload Functionality

Open source tool to continuously scan for subdomain takeover vulnerabilities, GitHub's Copilot can suggest whole functions within VS Code, resources for assessing and securing file upload functionality.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #89 - MITRE D3FEND, Lambda Authorizer Gotchas, Google's Supply Chain Integrity Framework

[tl;dr sec] #89 - MITRE D3FEND, Lambda Authorizer Gotchas, Google's Supply Chain Integrity Framework

MITRE releases the defensive countermeasures counterpart to ATT&CK, how IAM wildcard expansion can bite you, Google's 4-level supply chain maturity framework and reference GitHub Action.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #88 - Testing 2FA Implementations, Cloud Visibility/Enforcement, Altar of the Algorithm

[tl;dr sec] #88 - Testing 2FA Implementations, Cloud Visibility/Enforcement, Altar of the Algorithm

Potential bugs to test in 2FA implementations, tools for cloud visibility and enforcement, and how we all conform to please the algorithms around us.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #87 - Easy Temporary Cloud Access, Monopol-easy Money, AWS Account Boundaries can be Porous

[tl;dr sec] #87 - Easy Temporary Cloud Access, Monopol-easy Money, AWS Account Boundaries can be Porous

Empowering developers' cloud access while improving security, big tech throwing their weight around, 97+ ways data can be shared across AWS accounts.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #86a - The missing Mobile Security

[tl;dr sec] #86a - The missing Mobile Security

[tl;dr sec] #86a - The Missing Mobile Security

NewsletterNewsletter
[tl;dr sec] #86 - Dockerfile Best Practices, Mobile Security, and Collusion in Academia

[tl;dr sec] #86 - Dockerfile Best Practices, Mobile Security, and Collusion in Academia

20 Dockerfile best practices, free mobile security course, and trade-offs, collusion rings, and more in academia.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #85 - Machine Learning, GraphQL, and Modern Static Analysis

[tl;dr sec] #85 - Machine Learning, GraphQL, and Modern Static Analysis

Attacking ML models, deep learning side-channel attacks, CSRF and batch GraphQL attacks, how modern static analysis should work.

Clint Gibler
Clint Gibler
SummarySummary
Riana Pfefferkorn: I Have a Lot to Say About Signalโ€™s Cellebrite Hack

Riana Pfefferkorn: I Have a Lot to Say About Signalโ€™s Cellebrite Hack

Stanford Internet Observatory Research Scholar [Riana Pfefferkorn](https://twitter.com/Riana_Crypto) shares her thoughts on legal implications of the Cellebrite hack.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #84 - Establishing a Cloud Security Program, Measuring Security, On Signal's Cellebrite Hack

[tl;dr sec] #84 - Establishing a Cloud Security Program, Measuring Security, On Signal's Cellebrite Hack

A roadmap for establishing a cloud security program + a task list, thoughts on measuring security, the legal implications of Signal's Cellebrite hack.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #83 - Comparing Infrastructure as Code Scanners, Jenkins Attack Framework, Good Design Principles

[tl;dr sec] #83 - Comparing Infrastructure as Code Scanners, Jenkins Attack Framework, Good Design Principles

Benchmarking infra as code scanning tools, offense-focused Jenkins tools, and principles that can help scale security.

Clint Gibler
Clint Gibler
SummarySummary
How Figma Switched Their Okta to Only Allow Phish-proof WebAuthn/FIDO Multi-factor Authentication

How Figma Switched Their Okta to Only Allow Phish-proof WebAuthn/FIDO Multi-factor Authentication

An excellent Twitter thread by Dev Akhawe on the value of making this switch, and challenges and lessons learned along the way.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #82 - Supply Chain Security, Career Resources, Differentiate or Die

[tl;dr sec] #82 - Supply Chain Security, Career Resources, Differentiate or Die

Detecting dependency confusion across many ecosystems, getting started in tech or security, the middle of VCs and products are dying.

Clint Gibler
Clint Gibler
FirstBack
1516171819202122
Next Last