Archive

BlogBlog
An Overview of Software Supply Chain Security

An Overview of Software Supply Chain Security

A breakdown of what constitutes the software supply chain and how to secure each stage

Clint Gibler
Francis Odum
Clint Gibler, +1
NewsletterNewsletter
[tl;dr sec] #198 - Building a Detection as Code Pipeline, NIST on CI/CD Supply Chain Security, Finding Malware with LLMs

[tl;dr sec] #198 - Building a Detection as Code Pipeline, NIST on CI/CD Supply Chain Security, Finding Malware with LLMs

How to build and test a DaC pipeline, new NIST whitepaper on integrating supply chain security measures into CI/CD pipelines, and finding malicious PyPi/npm packages with LLMs

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #197 - Career Resources, Modern Security Podcast, Smashing the State Machine

[tl;dr sec] #197 - Career Resources, Modern Security Podcast, Smashing the State Machine

Tons of career resources and advice, I'm starting a podcast on modern security practices, finding tricky state machine web bugs

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain

[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain

Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #195 - Kubernetes Exposed, SBOMs, Elastic's Vuln Management

[tl;dr sec] #195 - Kubernetes Exposed, SBOMs, Elastic's Vuln Management

Survey of misconfigured and openly accessible k8s clusters, several SBOM resources, how Elastic uses Elastic for vulnerability management

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #194 - CNAPPGoat, KubeFuzz, tl;dr sec swag

[tl;dr sec] #194 - CNAPPGoat, KubeFuzz, tl;dr sec swag

Multi-cloud open source tool to deploy vulnerable-by-design cloud resources, fuzzing Kubernetes Admission Controllers, where you can get tl;dr sec swag at Hacker Summer Camp

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #193 - ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes

[tl;dr sec] #193 - ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes

Common techniques and attack vectors for both AI and SaaS apps, a deliberately vulnerable GHA CI/CD environment, tool to find authentication and authorization bugs in web apps

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #192 - Google's AI Red Teaming, OWASP on Cloud Security, Trail of Bits' Testing Guide

[tl;dr sec] #192 - Google's AI Red Teaming, OWASP on Cloud Security, Trail of Bits' Testing Guide

Google's whitepaper on how they approach AI red teaming, OWASP's cloud architecture security cheatsheet, ToB on static/dynamic analysis tooling

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #191 - BadZure, Detection & Response Pipelines, 18K Subscribers!

[tl;dr sec] #191 - BadZure, Detection & Response Pipelines, 18K Subscribers!

Spin up purposefully vulnerable Azure AD tenants, detailed examples of modern detection pipelines, new subscriber milestone!

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #190 - Securely Build on AI, CISA Pen Test repo, Joining Google's Red Team

[tl;dr sec] #190 - Securely Build on AI, CISA Pen Test repo, Joining Google's Red Team

How to secure product features that leverage AI, CISA's repo of example penetration testing findings, how to join Google's red team and other career resources

Clint Gibler
Clint Gibler
BlogBlog
How to securely build product features using AI APIs

How to securely build product features using AI APIs

A Practitioner’s Guide to Consuming AI

Rami McCarthy
Rami McCarthy
NewsletterNewsletter
[tl;dr sec] #189 - CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering

[tl;dr sec] #189 - CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering

CISA/NSA's guide on defending cloud CI/CD, backdooring NPM modules depending on binaries in S3, I'm collecting AI + cybersecurity resources

Clint Gibler
Clint Gibler
FirstBack
345678910
Next Last