Browser default *SameSite* cookie settings will mostly kill CSRF, and a malicious header can block any web resource served by a CDN or proxy cache.
Some ShellCon talk summaries, Dropbox and Twilio on detection and response automation, updates from the Chrome security team.
Cloudflare's CTO on how they think about security, Salesforce's tool to make IAM least privilege policy generation easier, and finding XSS in Firefox's UI using AST matching.
Fuzzing is finding security bugs faster than CVEs can be issued, HTTP desync attacks advance, China's censorship power is felt around the world.
DevSecCon Seattle 2019 Round Up
Notes from an AppSec Cali 2019 panel, AWS security tools, fuzzing with grammars and GitLab, and Google P0's iOS exploit chain discovery.
Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.
[tl;dr sec] #5 - Stepping Up Our Game (Black Hat 2017 keynote by Alex Stamos)
[tl;dr sec] #4: Data Driven Bug Bounty 📊