[tl;dr sec] #19 - Epic Post Next Week, Beyond Beyond Corp, Cloud Security Tools
Blue teams can become highly leveraged by sharing knowledge effectively, Ring's partnerships with the police, viewing ransomware through an economic lens.
A number of interesting new AWS services, backdoors on PyPI, I had a blast on the Absolute AppSec podcast, and tl;dr sec hits 500 subscribers! 🚀
Building an effective vulnerability management process, K8s/AWS tips, network & code scanning tools, privacy preserving VA, and the Siege of Gondor.
How to get faster, more complete external attack surface coverage by automatically clustering exposed web apps by visual similarity.
Summary of an AppSec Cali 2019 talk on more efficient network penetration tests via clustering similar screenshots, fuzzing tools and articles, Bugcrowd/Bitdiscovery asset inventory partnership.
DevSecCon Tel Aviv 2019 talk notes, Slack releases Nebula, AWS instance metadata hardening, OSINT tips, struct padding can leak heap memory, deadlock challenges, formal methods.
Gusto's Nathan Yee on being impactful as an IC without a senior title in a start-up, intentionally vulnerable AWS infrastructure for training, and even more asset inventory offerings.
Browser default *SameSite* cookie settings will mostly kill CSRF, and a malicious header can block any web resource served by a CDN or proxy cache.