Monitor your cloud environment and automatically detect drift, a scriptable browser and bending JavaScript to your will, GitHub's threat modeling process.
Applying engineering lessons learned to AppSec teams, common Golang bugs, and medieval covers of modern pop songs take the Internet by storm.
New cache research by James Kettle, how to effectively reach out and build mentor relationships, tools should support workflows, not vice versa.
My summary of Daniel Miessler's talk on automating recon, 2 tools to help with testing GraphQL, quick notes for ~20 DEF CON talks.
Daniel Miessler describes how to automate your OSINT and recon processes so you can find more and better bugs with less manual effort.
Daniel Miessler on automating your recon workflow, I was on a few podcasts, how to compromise GCP orgs via cloud API lateral movement & privilege escalation.
How to go from no CSP to a solid CSP, automatically creating baseline security tests from a threat model, tools to automagically decode random blobs.
GitHub security engineer Neil Matatall gives an overview of CSP: how it works, how to go from no CSP to a solid CSP, and how GitHub implements CSP.
Protecting your public S3 buckets, how to find, prevent, and fix regular expression DoS, and a step-by-step walk through the OAuth flow.
Using lightweight formal methods in the real world, new web mitigations for injection vulns and isolation capabilities, GPT-3 is magic.
Jean Yang, Hongyi Hu, and Hillel Wayne discuss making programming languages/model checking more accessible, give an overview of TLA+ and Alloy, and successfully avoid fisticuffs over unbounded vs bounded analyses.