tl;dr sec

tl;dr sec
Archive
Page 20

[tl;dr sec] #61 - Effective Security OKRs, Scaling Threat Modeling, Webscan

How to create effective security OKRs, scaling threat modeling in hypergrowth, engineering-driven orgs, and a browser-based internal network scanner.

Clint Gibler

NewsletterNewsletter

Nov 11, 2020

[tl;dr sec] #60 - Cartography + IAM, Security Scorecard, Self-service Security

Use Cartography to understand AWS permissions, tool to grok the risk of open source libraries, developers taking security into their own hands.

Clint Gibler

NewsletterNewsletter

Nov 04, 2020

[tl;dr sec] #59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets

Attacker's can remotely access any TCP/UDP service on your machine, serious bugs in many GitHub Actions, and the security value of creating easily greppable secrets.

Clint Gibler

NewsletterNewsletter

Oct 28, 2020

[tl;dr sec] #58 - New Job 🎉, Burp Multiplayer, Chaos Engineering Book

I've joined r2c as Head of Security Research, tool to sync multiple Burp instances, free book on chaos engineering to help you build reliable distributed systems.

Clint Gibler

SummarySummary

Oct 21, 2020

Stratechery: Aggregation Theory

Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competitive cycle.

Clint Gibler

NewsletterNewsletter

Oct 21, 2020

[tl;dr sec] #57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs

1 year of a private bug bounty program, how to create high value content, and a great resource for cloud-native technologies.

Clint Gibler

NewsletterNewsletter

Oct 14, 2020

[tl;dr sec] #56 - State of Exploit Development, Hacking Apple, flaws.cloud dataset

Stats on vulnerability discovery, CVE publication, and patches, lengthy write-up of 3 month Apple bug bounty hackathon, and flaws.cloud logs published.

Clint Gibler

NewsletterNewsletter

Oct 07, 2020

[tl;dr sec] #55 - Detection as Code, Vault Authentication Bugs, Fingerprinting Exploit Developers

Why we should embrace Detection as Code, write-up of two complex AuthN bugs in Vault, tracking exploit developers by their work.

Clint Gibler

NewsletterNewsletter

Sep 30, 2020

[tl;dr sec] #54 - Complexity in Capital, Communicating a Breach, Offensive Terraform

I contributed to an article in Forbes, how to communicate when you've been hacked, Terraform to spin up offensive infrastructure.

Clint Gibler

SummarySummary

Sep 28, 2020

A framework for effective corporate communication after cyber security incidents

This paper lays out a framework for how organizations should communicate after a security incident.

Clint Gibler

NewsletterNewsletter

Sep 23, 2020

[tl;dr sec] #53 - OneFuzz, Program Analysis, Ring Alarm Teardown

Microsoft releases self-hosted fuzzing-as-a-service platform, several solid program analysis resources, detailed teardown of Ring's hardware and attack surface.

Clint Gibler

SummarySummary

Sep 16, 2020

Peeling the Web Application Security Onion Without Tears

Lessons from Adobe in how building reusable, secure-by-default services and infrastructure improves your security and reduces compliance burden.

Clint Gibler

First Back

16 17 18 19 20 21 22 23

Next Last

Archive

[tl;dr sec] #61 - Effective Security OKRs, Scaling Threat Modeling, Webscan

[tl;dr sec] #60 - Cartography + IAM, Security Scorecard, Self-service Security

[tl;dr sec] #59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets

[tl;dr sec] #58 - New Job 🎉, Burp Multiplayer, Chaos Engineering Book

Stratechery: Aggregation Theory

[tl;dr sec] #57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs

[tl;dr sec] #56 - State of Exploit Development, Hacking Apple, flaws.cloud dataset

[tl;dr sec] #55 - Detection as Code, Vault Authentication Bugs, Fingerprinting Exploit Developers

[tl;dr sec] #54 - Complexity in Capital, Communicating a Breach, Offensive Terraform

A framework for effective corporate communication after cyber security incidents

[tl;dr sec] #53 - OneFuzz, Program Analysis, Ring Alarm Teardown

Peeling the Web Application Security Onion Without Tears