DevSecCon Tel Aviv 2019 talk notes, Slack releases Nebula, AWS instance metadata hardening, OSINT tips, struct padding can leak heap memory, deadlock challenges, formal methods.
Gusto's Nathan Yee on being impactful as an IC without a senior title in a start-up, intentionally vulnerable AWS infrastructure for training, and even more asset inventory offerings.
Browser default *SameSite* cookie settings will mostly kill CSRF, and a malicious header can block any web resource served by a CDN or proxy cache.
Some ShellCon talk summaries, Dropbox and Twilio on detection and response automation, updates from the Chrome security team.
Cloudflare's CTO on how they think about security, Salesforce's tool to make IAM least privilege policy generation easier, and finding XSS in Firefox's UI using AST matching.
Fuzzing is finding security bugs faster than CVEs can be issued, HTTP desync attacks advance, China's censorship power is felt around the world.
DevSecCon Seattle 2019 Round Up
Notes from an AppSec Cali 2019 panel, AWS security tools, fuzzing with grammars and GitLab, and Google P0's iOS exploit chain discovery.
Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.