GitHub security engineer Neil Matatall gives an overview of CSP: how it works, how to go from no CSP to a solid CSP, and how GitHub implements CSP.
Protecting your public S3 buckets, how to find, prevent, and fix regular expression DoS, and walk step-by-step through the OAuth flow.
Using lightweight formal methods in the real world, new web mitigations for injection vulns and isolation capabilities, GPT-3 is magic.
Jean Yang, Hongyi Hu, and Hillel Wayne discuss making programming languages/model checking more accessible, give an overview of TLA+ and Alloy, and successfully avoid fisticuffs over unbounded vs bounded analyses.
How to prioritize vulnerabilities in your dependencies, some history and context around LangSec, and a set of common controls across 10+ standards.
How to continuously discover, monitor, and assess your web assets, threat modeling + agile, Richard Feynman on the problems you choose to tackle.
tl;dr sec now supports search, snapshotting VMs at scale in a way malware can't evade, reflections on why we procrastinate.
Overview of current work threat modeling Kubernetes, a repo to test your secret scanning, and v1 of OWASP's standard on identifying/reducing supply chain risk.
Uber's continuous AWS monitoring tool and process, how AWS does safe, fast, continuous deployment, and a tool to auto-delete feature flags that are no longer needed.
Uber describes their continuous cloud monitoring service and the workflows and process design that make it successfully adopted by engineering teams.
[tl;dr sec] #39 - Evidence Based Security, Web Security