Jon Oberheide on Duo, self-healing AWS environments, Google's fuzzer benchmarking and CIFuzz, securing Windows & MS accounts at scale.
Jon Oberheide on Duo's story, from conception through acquisition, and the important lessons he learned along the way.
Round-up of BSidesSF and RSA + my updated slides, overview of container security, pen testing K8s walkthrough, maintaining privacy online.
I'm speaking at BSidesSF and RSA 2020, tl;dr sec stickers, stateful fuzzing of Swagger APIs, auto-remediate AWS issues, canary pro-tips, red team cheatsheets.
OSINT tools, tips, & tricks, presentations on automatically finding and exploiting bugs, a code-aware grep, how to assess another company's security posture.
DevSecOps talks & tools from AppSec Cali, PoCs to decrypt WhatsApp messages, Kubernetes monitoring and CTF, Python static analysis tools.
I'm speaking at AppSec Cali 2020, details on Bezos's phone being hacked, fuzzing talks and tools, Java deserialization, K8s and GraphQL tools.
What I Learned Watching All 44 AppSec Cali 2019 Talks
An overview of functions-as-a-service (FaaS) and GraphQL, relevant security considerations and attacks, and a number of demos.
The history of authz implementation approaches, the value of externalizing authz from code, authz in Kubernetes, and the power of using Open Policy Agent (OPA) for authz with Kubernetes and Istio.