Container Security: AWS Lambda deep dive, two resources on hardening AWS EKS, Red Hat State of Kubernetes Security Report 2021.

Cloud Security: Getting partial AWS account IDs for any Cloudfront website, defending against DNS exfiltration in AWS, building an attribute-based access control strategy with AWS SSO and Okta.

Authorization: Carta's highly scalable permissions system inspired by Google's Zanzibar, code patterns for API authz, layering authz into an existing web app.

AppSec: Massive list of resources, Orange Tsai's CTF exercises, web app decision tree generator, finding oversharing in Salesforce, guide to determine if you should run a bug bounty.

I also chatted with John Kinsella and Adrian Sanabria on Application Security Weekly #156 on scaling security programs via secure defaults, how modern AppSec teams work with their engineering counterparts, and other good stuff. See this video for the Semgrep demo portion with minute markers, and the beginning of the full video for how I got into improv comedy, the origin of tl;dr sec and some lessons learned growing it, career thoughts, and more.

I joined Lewis Ardern on one of the best named British Bake Off security podcasts, SecuriTEA & Crumpets.

I’ve had the privilege of chatting with some awesome people recently.

I’m tempted to include some lines, but I don’t want to spoil it, so here’s a taste:

Programming or security themed parodies can be hit or miss, but this parody of Aladdin’s “A Whole New World” is □

I hope you’ve been doing well!

A Whole New Code