I've joined r2c as Head of Security Research, tool to sync multiple Burp instances, free book on chaos engineering to help you build reliable distributed systems.
Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competitive cycle.
1 year of a private bug bounty program, how to create high value content, and a great resource for cloud-native technologies.
Stats on vulnerability discovery, CVE publication, and patches, lengthy write-up of a 3-month Apple bug bounty hackathon, and flaws.cloud logs published.
Why we should embrace Detection as Code, write-up of two complex AuthN bugs in Vault, tracking exploit developers by their work.
I contributed to an article in Forbes, how to communicate when you've been hacked, Terraform to spin up offensive infrastructure.
This paper lays out a framework for how organizations should communicate after a security incident.
Microsoft releases self-hosted fuzzing-as-a-service platform, several solid program analysis resources, detailed teardown of Ring's hardware and attack surface.
Lessons from Adobe in how building reusable, secure-by-default services and infrastructure improves your security and reduces compliance burden.
Monitor your cloud environment and automatically detect drift, a scriptable browser and bending JavaScript to your will, GitHub's threat modeling process.
Applying engineering lessons learned to AppSec teams, common Golang bugs, and medieval covers of modern pop songs take the Internet by storm.
New cache research by James Kettle, how to effectively reach out and build mentor relationships, tools should support workflows, not vice versa.