Takeaways from a Conversation Between Hackers and Program Managers
In our web event “Getting Vulnerable”, we brought together program managers Jill Moné-Corallo from GitHub, Garrett McNamara from ServiceNow, and Ansgar Pfeifer and Matthew Bryant…
Category: Mix
View vulnerabilities on Attack Surface page
View vulnerabilities on each asset across your attack surface The attack surface is where you can understand what you have exposed and whether you should…
Bug Bytes #206 – Citrix more like Crit-trix amiright?
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
AI and Machine Learning in Cybersecurity
Note: this post currently just has content on AI + reverse engineering, but check back soon and I’ll be covering AI applied to other topics…
Practical Continuous Threat Modeling Work for Your Team
Izar describes the attributes required by threat modelling approaches in order to succeed in Agile dev environments, how to build an organization that continuously threat…
Behind the Scenes: Securing In-House Execution of Unsafe Third-Party Executables
Mukul Khullar, Staff Security Engineer, LinkedIn twitter, linkedinabstract slides video Mukul recommends a three step defense-in-depth process for mitigating these risks. 1. Profile the executable Do your…
An Attacker’s View of Serverless and GraphQL Apps
An overview of functions-as-a-service (FaaS) and GraphQL, relevant security considerations and attacks, and a number of demos. What is Functions-as-a-Service (FaaS)? FaaS enables developers to…
Securing your Workspaces from a Bot Uprising
Real TalkOne thing I appreciated about this talk is that Kelly and Nikki kept it real. Most blog posts, talks, other externally facing communications by…
Preventing Mobile App and API Abuse
An overview of the mobile and API security cat and mouse game (securely storing secrets, TLS, cert pinning, bypassing protections via decompiling apps and hooking…
Node.js and NPM Ecosystem: What are the Security Stakes?
Vladimir de Turckheim, Software Engineer, Sqreen twitter, linkedinabstract slides video For vulnerabilities, a SQL injection example is given as well as regular expression denial of service, the…
the Clear Site Data Header
The new Clear-Site-Data HTTP header allows a website to tell a user’s browser to clear various browsing data (cookies, storage, cache, executionContexts) associated with the…
Building Cloud-Native Security for Apps and APIs with NGINX
Stepan Ilyin, Co-founder, Wallarm twitter, linkedinabstract slides video How NGINX modules and other tools can be combined to give you a nice dashboard of live malicious traffic,…