Posts by Year


Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.

Back to Top ↑


The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

Back to Top ↑