Archive

NewsletterNewsletter
[tl;dr sec] #42 - tl;dr sec Search, Towards Trusted Sensing, Root Causes of Procrastination

[tl;dr sec] #42 - tl;dr sec Search, Towards Trusted Sensing, Root Causes of Procrastination

tl;dr sec now supports search, snapshotting VMs at scale in a way malware can't evade, reflections on why we procrastinate.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #41 - Threat Modeling Kubernetes, Secret Scanner Benchmark, OWASP Software Component Verification Standard

[tl;dr sec] #41 - Threat Modeling Kubernetes, Secret Scanner Benchmark, OWASP Software Component Verification Standard

Overview of current work threat modeling Kubernetes, a repo to test your secret scanning, and v1 of OWASP's standard on identifying/reducing supply chain risk.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #40 - Uber's Continuous AWS Monitoring, AWS's Hands-off Deployments, Auto-remove Unneeded Feature Flags

[tl;dr sec] #40 - Uber's Continuous AWS Monitoring, AWS's Hands-off Deployments, Auto-remove Unneeded Feature Flags

Uber continuous AWS monitoring tool and process, how AWS does safe, fast, continuous deployment, tool to auto-delete no longer needed feature flags.

Clint Gibler
Clint Gibler
BlogBlog
How Uber Continuously Monitors the Security of its AWS Environment

How Uber Continuously Monitors the Security of its AWS Environment

Uber describes their continuous cloud monitoring service and the workflows and process design that makes it successfully adopted by engineering teams.

Clint Gibler
Clint Gibler
[tl;dr sec] #39 - Evidence Based Security, Web Security, and Program Analysis

[tl;dr sec] #39 - Evidence Based Security, Web Security, and Program Analysis

[tl;dr sec] #39 - Evidence Based Security, Web Security

NewsletterNewsletter
[tl;dr sec] #38 - Threat Modeling for Devs, Attacking JWTs, On Accepting Ads

[tl;dr sec] #38 - Threat Modeling for Devs, Attacking JWTs, On Accepting Ads

Effectively teaching devs threat modeling, forging and cracking JWTs, and some radical transparency about our process of deciding to accept sponsors.

Clint Gibler
Clint Gibler
SummarySummary
BoMs Away - Why Everyone Should Have a BoM

BoMs Away - Why Everyone Should Have a BoM

In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other supply-chain risk analysis, and gives a demo of OWASP Dependency-Track, an open source supply chain component analysis platform.

Clint Gibler
Clint Gibler
BlogBlog
On Accepting Sponsors

On Accepting Sponsors

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

Using Kubernetes + OPA, Twitter SAST snark & lessons learned, malware discovered on GitHub targeting the open source supply chain.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

An AWS Security Maturity Roadmap for 2020, fuzzing the Windows kernel & differential crypto fuzzing, easily spin up a cloud env for security testing

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

Building a successful career in security and how to specialize, testing OAuth implementations, and a Burp plugin for handling session management.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

Game theory applied to finding and disclosing 0days, Kubernetes training labs, rightsize your AWS IAM policies to Terraform.

Clint Gibler
Clint Gibler
FirstBack
2021222324252627
Next Last