Signal creator finds bugs in Cellebrite, recommendations on hardening CI, using Okta to secure access to AWS accounts at scale.
In the wake of SolarWinds, Dino Dai Zovi describes how he recommends hardening your CI environment.
Moar evidence against memory unsafe languages, the power of secure reference architectures, and leveraging OpenAPI specs to more effectively detect attack surface.
[tl;dr sec] #78 - Scaling Threat Modeling at Segment, Bootstrapping vs VCs
Three new OAuth2 and OpenID Connect vulnerabilities, great intro/overview of networking concepts, security manager interviews & advancing your career in security.
An argument for why secure design + threat modeling is higher ROI than patching, making code signing easy, finding regex bugs with regexploit or fuzzing.
How Netflix enables development velocity + security with ConsoleMe, Spectre PoC and proposed defenses, and why speed is a superpower.
AWS security for small teams & Well-Architected resources, NFT overview, tools for creating and detecting deepfakes.
JSON libraries parse differently and that can lead to bugs, a number of career advice resources, and how to become compoundingly more effective.
Tips + a Burp extension for finding access control issues, tools and reflections on supply chain security, an architecture for multi-account security logging in AWS.
Tips and best practices for securing your CI/CD pipeline, Electron tooling and dangerous APIs, what to focus on instead of virality to grow your userbase.
[tl;dr sec] #70 - Scaling Threat Modeling, Dependency Confusion