This paper lays out a framework for how organizations should communicate after a security incident.
Microsoft releases self-hosted fuzzing-as-a-service platform, several solid program analysis resources, detailed teardown of Ring's hardware and attack surface.
Lessons from Adobe in how building reusable, secure-by-default services and infrastructure improves your security and reduces compliance burden.
Monitor your cloud environment and automatically detect drift, a scriptable browser and bending JavaScript to your will, GitHub's threat modeling process.
Applying engineering lessons learned to AppSec teams, common Golang bugs, and medieval covers of modern pop songs take the Internet by storm.
New cache research by James Kettle, how to effectively reach out and build mentor relationships, tools should support workflows, not vice versa.
My summary of Daniel Miessler's talk on automating recon, 2 tools to help with testing GraphQL, quick notes for ~20 DEF CON talks.
Daniel Miessler describes how to automate your OSINT and recon processes so you can find more and better bugs with less manual effort.
Daniel Miessler on automating your recon workflow, I was on a few podcasts, how to compromise GCP orgs via cloud API lateral movement & privilege escalation.
How to go from no CSP to a solid CSP, automatically creating baseline security tests from a threat model, tools to automagically decode random blobs.
GitHub security engineer Neil Matatall gives an overview of CSP: how it works, how to go from no CSP to a solid CSP, and how GitHub implements CSP.
test twitter links
