Archive

NewsletterNewsletter
[tl;dr sec] #124 - GraphQL Cop, GitLab CI/CD CTF, NSA's Network Infrastructure Security Guidance

[tl;dr sec] #124 - GraphQL Cop, GitLab CI/CD CTF, NSA's Network Infrastructure Security Guidance

Tool to test GraphQL APIs, learn to exploit and pivot a target GitLab instance, PDF by NSA on hardening your network.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #123 - AWS Security Reference Architecture, DevSecOps Playbook, Analyzing Malicious Documents

[tl;dr sec] #123 - AWS Security Reference Architecture, DevSecOps Playbook, Analyzing Malicious Documents

60 page PDF on using AWS security services in multi-account environment, how to introduce DevSecOps in your company, tools to examine malicious Office docs.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #122 - Developer Experience is Security, Everything as Code Survey, Graph-based Asset Management

[tl;dr sec] #122 - Developer Experience is Security, Everything as Code Survey, Graph-based Asset Management

Why DevX is so important for security, 50+ examples of Foo as Code, ingest all of your assets and query them in Neo4J.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #121 - Container Security Checklist, DevSecOps & Automating Compliance, Proactive Subdomain Takeovers

[tl;dr sec] #121 - Container Security Checklist, DevSecOps & Automating Compliance, Proactive Subdomain Takeovers

A dense checklist of container hardening steps, Cloud Security Alliance whitepaper on automating compliance and better relating it to security requirements, tool to preemptively take over your subdomains before attackers can.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #120 - Supply Chain & Hardening CI, Automate Yourself out of Oncall Burnout, Eliminating Subdomain Takeovers

[tl;dr sec] #120 - Supply Chain & Hardening CI, Automate Yourself out of Oncall Burnout, Eliminating Subdomain Takeovers

A thoughtful redesign of CI to mitigate harm from malicious dependencies, how to automate your IR playbooks, tool to eliminate dangling Elastic IP takeovers.

Clint Gibler
Clint Gibler
SummarySummary
Dev Akhawe’s Follow-up on Figma’s Experience Switching to WebAuthN

Dev Akhawe’s Follow-up on Figma’s Experience Switching to WebAuthN

The good, the bad, and the lessons learned.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #119 - Picking the Right Terraform Security Tool, BloodHound for Cloud, Awesome-Security-Hardening

[tl;dr sec] #119 - Picking the Right Terraform Security Tool, BloodHound for Cloud, Awesome-Security-Hardening

Bake-off of multiple Terraform static analysis tools, tool to identify privilege escalation paths within and across different clouds, collection of security hardening best practices, checklists, benchmarks, tools, and more.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #118 - Atomic Red Team for Cloud, Security Program Building, How Not to Do Secrets

[tl;dr sec] #118 - Atomic Red Team for Cloud, Security Program Building, How Not to Do Secrets

Tool to test your cloud detections, how to build and scale a security program, OWASP project to teach you how not to manage secrets.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #117 - WebSocket Security, Securing Dependencies, Authorization Approaches

[tl;dr sec] #117 - WebSocket Security, Securing Dependencies, Authorization Approaches

Great talk on WebSocket security + tool release, understanding your dependencies and the power of lockfiles, enforcing authz at compile time and authz in microservices.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #116 - Secrets of Successful Security Programs, Supply Chain, Killing Bug Classes

[tl;dr sec] #116 - Secrets of Successful Security Programs, Supply Chain, Killing Bug Classes

A masterclass in building a modern, scalable security program by Phil Venables, GitHub Action to check your supply chain security posture, Chrome feature to protect against CSRF and DNS rebinding.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #115 - Mac Malware of 2021, Preventing SSRF, Moxie on web3

[tl;dr sec] #115 - Mac Malware of 2021, Preventing SSRF, Moxie on web3

Patrick Wardle's analysis of a year of Mac malware, library to safely make HTTP requests, and Moxie experiments with distributed apps.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #114 - Web Security, Detecting Container Drift, Reviewing 2021's Cloud Breaches

[tl;dr sec] #114 - Web Security, Detecting Container Drift, Reviewing 2021's Cloud Breaches

CSRF, web cache poisoning, and SSRF, detecting/fixing container drift at runtime, and three frequent sources of cloud security breaches and vulnerabilities in 2021.

Clint Gibler
Clint Gibler
FirstBack
1011121314151617
Next Last