Posts by Tag

tldr_sec

On Accepting Sponsors

7 minute read

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

aws

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

cloud_security

2019

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

industry

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

summary

Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

devsecops

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

static_analysis

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

fuzzing

security_culture

privacy

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

web_security

blue_team

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

con_appsec_cali

red_team

osint

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

kubernetes

threat_modeling

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

web_app_security

program_analysis

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

sdlc

bug_bounty

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

xss

politics

azure

container_security

reverse_engineering

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

dns_rebinding

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

con_devseccon

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

asset_inventory

secrets_management

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

podcast

terraform

career

istio

startup

Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.

our_research

con_bsides_sf

con_appsec_usa

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

2018

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

con_bsidessf

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

security_metrics

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

con_blackhat_usa

2017

keynote

responsible_disclosure

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

ai

compliance

censorship

firefox

con_shellcon

detection_response

con_global_appsec_amsterdam

c

pen_testing

machine_learning

metrics

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

vuln_management

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

con_appsec_ali

The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

absolute_appsec

supply_chain_security

humor

twitter

economics

ransomware

con_blackhat

google

beyond_corp

startup_security

culture

graphql

deserialization

containers

automatic_exploit_generation

writing

side_channels

entrepreneurship

Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.

compensation

soc2

home_security

security_engineering

vault

2fa

phishing

academia

frida

instrumentation

browser_extension_security

shakespeare

building_security_program

gcp

malware

ebpf

personal_knowledge_management

mobile_security

ios

honeypot

elasticsearch

original_content

On Accepting Sponsors

7 minute read

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

continus_monitoring

scaling_security
