Archive

NewsletterNewsletter
[tl;dr sec] #52 - Prioritizing 3rd Party Vulnerabilities to Fix, LangSec History, Distilled Compliance Controls

[tl;dr sec] #52 - Prioritizing 3rd Party Vulnerabilities to Fix, LangSec History, Distilled Compliance Controls

How to prioritize vulnerabilities in your dependencies, some history and context around LangSec, and a set of common controls across 10+ standards.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #43 - Continuous AppSec Scanning, Threat Modeling, Career Advice from Feynman

[tl;dr sec] #43 - Continuous AppSec Scanning, Threat Modeling, Career Advice from Feynman

How to continuously discover, monitor, and assess your web assets, threat modeling + agile, Richard Feynman on the problems you choose to tackle.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #42 - tl;dr sec Search, Towards Trusted Sensing, Root Causes of Procrastination

[tl;dr sec] #42 - tl;dr sec Search, Towards Trusted Sensing, Root Causes of Procrastination

tl;dr sec now supports search, snapshotting VMs at scale in a way malware can't evade, reflections on why we procrastinate.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #41 - Threat Modeling Kubernetes, Secret Scanner Benchmark, OWASP Software Component Verification Standard

[tl;dr sec] #41 - Threat Modeling Kubernetes, Secret Scanner Benchmark, OWASP Software Component Verification Standard

Overview of current work threat modeling Kubernetes, a repo to test your secret scanning, and v1 of OWASP's standard on identifying/reducing supply chain risk.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #40 - Uber's Continuous AWS Monitoring, AWS's Hands-off Deployments, Auto-remove Unneeded Feature Flags

[tl;dr sec] #40 - Uber's Continuous AWS Monitoring, AWS's Hands-off Deployments, Auto-remove Unneeded Feature Flags

Uber continuous AWS monitoring tool and process, how AWS does safe, fast, continuous deployment, tool to auto-delete no longer needed feature flags.

Clint Gibler
Clint Gibler
BlogBlog
How Uber Continuously Monitors the Security of its AWS Environment

How Uber Continuously Monitors the Security of its AWS Environment

Uber describes their continuous cloud monitoring service and the workflows and process design that makes it successfully adopted by engineering teams.

Clint Gibler
Clint Gibler
[tl;dr sec] #39 - Evidence Based Security, Web Security, and Program Analysis

[tl;dr sec] #39 - Evidence Based Security, Web Security, and Program Analysis

[tl;dr sec] #39 - Evidence Based Security, Web Security

NewsletterNewsletter
[tl;dr sec] #38 - Threat Modeling for Devs, Attacking JWTs, On Accepting Ads

[tl;dr sec] #38 - Threat Modeling for Devs, Attacking JWTs, On Accepting Ads

Effectively teaching devs threat modeling, forging and cracking JWTs, and some radical transparency about our process of deciding to accept sponsors.

Clint Gibler
Clint Gibler
SummarySummary
BoMs Away - Why Everyone Should Have a BoM

BoMs Away - Why Everyone Should Have a BoM

In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other supply-chain risk analysis, and gives a demo of OWASP Dependency-Track, an open source supply chain component analysis platform.

Clint Gibler
Clint Gibler
BlogBlog
On Accepting Sponsors

On Accepting Sponsors

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

Using Kubernetes + OPA, Twitter SAST snark & lessons learned, malware discovered on GitHub targeting the open source supply chain.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

An AWS Security Maturity Roadmap for 2020, fuzzing the Windows kernel & differential crypto fuzzing, easily spin up a cloud env for security testing

Clint Gibler
Clint Gibler
FirstBack
1819202122232425
Next Last