Posts by Tag

tldr_sec

Container Security

1 minute read

A collection of container security resources and tools, organized by category.

On Accepting Sponsors

7 minute read

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

summary

Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

aws

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

cloud_security

Cloud Security Orienteering

25 minute read

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long ter...

2019

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

industry

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

devsecops

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

static_analysis

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

fuzzing

privacy

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

web_security

blue_team

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

security_culture

red_team

con_appsec_cali

osint

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

kubernetes

threat_modeling

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

web_app_security

container_security

Container Security

1 minute read

A collection of container security resources and tools, organized by category.

original_content

Cloud Security Orienteering

25 minute read

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long ter...

Cloud Security Orienteering: Checklist

6 minute read

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long ter...

On Accepting Sponsors

7 minute read

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

program_analysis

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

sdlc

bug_bounty

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

xss

politics

azure

career

scaling_security

reverse_engineering

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

dns_rebinding

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

compliance

con_devseccon

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

asset_inventory

secrets_management

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

vuln_management

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

podcast

twitter

terraform

istio

startup

Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.

academia

devdatta_akhawe

figma

mfa

okta

sso

our_research

con_bsides_sf

con_appsec_usa

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

2018

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

con_bsidessf

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

security_metrics

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

con_blackhat_usa

2017

keynote

responsible_disclosure

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

ai

censorship

firefox

con_shellcon

detection_response

con_global_appsec_amsterdam

c

pen_testing

machine_learning

metrics

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

con_appsec_ali

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

absolute_appsec

supply_chain_security

humor

economics

ransomware

con_blackhat

google

beyond_corp

startup_security

culture

graphql

deserialization

containers

automatic_exploit_generation

writing

side_channels

entrepreneurship

Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.

compensation

soc2

home_security

security_engineering

vault

2fa

phishing

frida

instrumentation

browser_extension_security

shakespeare

building_security_program

gcp

malware

ebpf

personal_knowledge_management

mobile_security

ios

honeypot

elasticsearch

continus_monitoring

formal_methods

programming_languages

alloy

tlaplus

csp

recon

app_sec

secure_architectures

bsides_sf

2020

breach

stratechery

Stratechery: Aggregation Theory

1 minute read

Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competit...

business_model

Stratechery: Aggregation Theory

1 minute read

Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competit...

supply_chain

ci

hardening

twitter_thread

signal

cellebrite

patching

travis_mcpeak

rami_mccarthy

Cloud Security Orienteering

25 minute read

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long ter...

lcamtuf