
* @leifdreizler how to run a #bugbounty program
* @Doyensec released a #GraphQL testing tool
* @0xdabbad00 #AWS Service Control Policy best practices
* @samwcyo on attacking secondary contexts in web apps
* @snyff on Unicode regex hijinks https://tldrsec.com/blog/tldr-sec-029/
Hey! Help me improve tl;dr sec 
I'm thinking about what to focus on in the newsletter, e.g.
* How much context to include with links?
* Focus on links vs summarizing talks?
Which of the following is *most* useful to you?

Check out @Doyensec's tool to make testing GraphQL easier: https://blog.doyensec.com/2020/03/26/graphql-scanner.html
If you test web apps, @samwcyo's slides have some excellent tips: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/preview#slide=id.p
Integrate CLI tools into your @Burp_Suite testing workflow easily with Piper: https://blog.silentsignal.eu/2020/03/27/unix-style-approach-to-web-application-testing/
Tool to execute padding oracle attacks easily: https://github.com/KishanBagaria/padding-oracle-attacker
RFC for #jwt security best practices:
https://www.rfc-editor.org/rfc/rfc8725.html
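An added example (my own code, not from the thread or from the RFC) that applies several RFC 8725 recommendations in a stdlib-only HS256 verifier: pin the algorithm instead of trusting the header's `alg` (which kills the `alg: none` forgery), pin `typ`, compare the signature in constant time, and validate `iss`, `aud` and `exp` before returning any claims. The key, issuer, audience, claims and fixed clock are all constructed for the demo.

```python
# Added example: minimal RFC 8725-style HS256 JWT verification using only the
# Python standard library. Everything below (key, issuer, audience, clock) is
# constructed for the demo and is not from the thread or the RFC.
import base64
import hashlib
import hmac
import json


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_hs256_token(claims, key):
    """Issuer side: mint a compact JWS with a fixed HS256/JWT header."""
    header = {"alg": "HS256", "typ": "JWT"}
    segs = [_b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
            _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())]
    sig = hmac.new(key, ".".join(segs).encode(), hashlib.sha256).digest()
    return ".".join(segs + [_b64url_encode(sig)])


class InvalidToken(Exception):
    pass


def verify_hs256(token, key, *, issuer, audience, now):
    """Verifier side: return the claims or raise InvalidToken.
    The header is attacker-controlled, so the verifier decides the algorithm
    and type; it never lets the token pick them."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("token must have exactly three segments")
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
        sig = _b64url_decode(s_b64)
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        raise InvalidToken("malformed segment")
    if header.get("alg") != "HS256":      # rejects "none", RS256 key confusion, etc.
        raise InvalidToken("unexpected alg")
    if header.get("typ") != "JWT":        # explicit typing: pin the type we expect
        raise InvalidToken("unexpected typ")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        raise InvalidToken("bad signature")
    if claims.get("iss") != issuer:
        raise InvalidToken("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise InvalidToken("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise InvalidToken("expired or missing exp")
    return claims


def _rejected(token, key, **kw):
    try:
        verify_hs256(token, key, **kw)
        return False
    except InvalidToken:
        return True


KEY = b"constructed-demo-key-do-not-reuse"   # constructed for the demo
ISS = "https://issuer.example"               # constructed
NOW = 1_700_000_000                          # fixed clock so the demo is deterministic


def demo():
    kw = dict(issuer=ISS, audience="orders-api", now=NOW)
    good = make_hs256_token({"iss": ISS, "aud": "orders-api", "sub": "alice", "exp": NOW + 300}, KEY)
    h, p, s = good.split(".")
    # alg=none forgery: keep the payload, swap in an unsigned header, drop the signature
    forged = _b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + p + "."
    # payload tampering: signature no longer covers the edited claims
    tampered_claims = {"iss": ISS, "aud": "orders-api", "sub": "mallory", "exp": NOW + 300}
    tampered = h + "." + _b64url_encode(json.dumps(tampered_claims, separators=(",", ":")).encode()) + "." + s
    expired = make_hs256_token({"iss": ISS, "aud": "orders-api", "sub": "alice", "exp": NOW - 1}, KEY)
    other_aud = make_hs256_token({"iss": ISS, "aud": "billing-api", "sub": "alice", "exp": NOW + 300}, KEY)
    return {
        "valid_sub": verify_hs256(good, KEY, **kw)["sub"],
        "alg_none_rejected": _rejected(forged, KEY, **kw),
        "tampered_rejected": _rejected(tampered, KEY, **kw),
        "expired_rejected": _rejected(expired, KEY, **kw),
        "wrong_aud_rejected": _rejected(other_aud, KEY, **kw),
    }


if __name__ == "__main__":
    print(demo())
```

The important design choice is that `verify_hs256` takes the algorithm as a fixed fact of the service, not as input from the token; a real deployment would additionally key the allow-list per issuer and add a small clock skew tolerance around `exp`.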
Evaluate the config of your managed #Kubernetes
https://github.com/darkbitio/mkit
Write #Kubernetes network policies easier:
https://kinvolk.io/blog/2020/03/writing-kubernetes-network-policies-with-inspektor-gadgets-network-policy-advisor/

Example policies: allow only approved services/regions, deny root user access, require IMDSv2, protect security baseline, and more!

https://summitroute.com/blog/2020/03/25/aws_scp_best_practices/
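An added example (mine, not from the thread or the linked post) of three Deny statements of the kinds the tweet lists, deny root user access, require IMDSv2, and allow only approved regions, together with a deliberately simplified SCP evaluator so you can see which statement catches which request. Assumptions: the evaluator only implements the `String*` condition operators used here, treats a missing context key as matching for the negated operators, ignores IAM's case-insensitive action matching, and only models the Deny side (SCPs never grant; they filter what an identity policy already allows, and they do not apply to the management account). The account ID, principal names and the shortened global-service list are constructed for the demo.

```python
# Added example: SCP Deny statements plus a simplified evaluator. Not the real
# IAM engine and not code from the linked post; see the assumptions in the comments.
import fnmatch

SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Deny the root user everything; root should only exist for break-glass.
            "Sid": "DenyRootUser",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"StringLike": {"aws:PrincipalArn": "arn:aws:iam::*:root"}},
        },
        {   # Deny launching instances unless IMDSv2 is required (blocks IMDSv1
            # credential theft via SSRF).
            "Sid": "RequireImdsV2",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {"StringNotEquals": {"ec2:MetadataHttpTokens": "required"}},
        },
        {   # Deny calls outside approved regions; global services are exempted
            # through NotAction (list shortened to a handful for the example).
            "Sid": "DenyUnapprovedRegions",
            "Effect": "Deny",
            "NotAction": ["iam:*", "sts:*", "organizations:*", "cloudfront:*", "route53:*", "support:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["us-east-1", "us-west-2"]}},
        },
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _glob(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_matches(condition, ctx):
    """True when every operator/key pair holds for ctx.
    Assumption (simplified from IAM): a missing context key fails the positive
    operators and satisfies the negated ones."""
    for op, pairs in condition.items():
        for key, wanted in pairs.items():
            wanted = _as_list(wanted)
            actual = ctx.get(key)
            if op == "StringEquals":
                ok = actual is not None and actual in wanted
            elif op == "StringNotEquals":
                ok = actual is None or actual not in wanted
            elif op == "StringLike":
                ok = actual is not None and _glob(wanted, actual)
            elif op == "StringNotLike":
                ok = actual is None or not _glob(wanted, actual)
            else:
                raise ValueError("operator not implemented in this example: " + op)
            if not ok:
                return False
    return True


def _statement_denies(stmt, action, resource, ctx):
    if stmt["Effect"] != "Deny":
        return False
    if "Action" in stmt and not _glob(stmt["Action"], action):
        return False
    if "NotAction" in stmt and _glob(stmt["NotAction"], action):
        return False
    if not _glob(stmt["Resource"], resource):
        return False
    return _condition_matches(stmt.get("Condition", {}), ctx)


def scp_permits(action, resource, ctx, policy=SCP):
    """Return (permitted, sid_of_denying_statement). SCPs only filter, so
    'permitted' here means 'not blocked by the SCP', assuming an identity
    policy grants the action."""
    for stmt in policy["Statement"]:
        if _statement_denies(stmt, action, resource, ctx):
            return False, stmt.get("Sid")
    return True, None


def demo():
    # Constructed request contexts for a member account 123456789012.
    user = {"aws:PrincipalArn": "arn:aws:iam::123456789012:user/alice", "aws:RequestedRegion": "us-east-1"}
    root = {**user, "aws:PrincipalArn": "arn:aws:iam::123456789012:root"}
    inst = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc"
    return {
        "root_lists_buckets": scp_permits("s3:ListAllMyBuckets", "*", root),
        "launch_imdsv2": scp_permits("ec2:RunInstances", inst, {**user, "ec2:MetadataHttpTokens": "required"}),
        "launch_imdsv1": scp_permits("ec2:RunInstances", inst, {**user, "ec2:MetadataHttpTokens": "optional"}),
        "s3_in_frankfurt": scp_permits("s3:GetObject", "arn:aws:s3:::bucket/key", {**user, "aws:RequestedRegion": "eu-central-1"}),
        "sts_in_frankfurt": scp_permits("sts:GetCallerIdentity", "*", {**user, "aws:RequestedRegion": "eu-central-1"}),
    }


if __name__ == "__main__":
    for name, (ok, sid) in demo().items():
        print(f"{name}: {'allowed' if ok else 'denied by ' + sid}")
```

In a real org these Deny statements sit next to the default `FullAWSAccess` policy; the point of the toy evaluator is only to make it visible that the region rule never touches global services and that the IMDSv2 rule hits `RunInstances` alone, which is the kind of check worth running before attaching an SCP to a production OU.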
@leifdreizler wrote one of my favorite "how to run a #bugbounty" posts I've read.
Definitely check it out if you are or are considering running a bug bounty program; lots of practical, actionable tips. https://segment.com/blog/bug-bounty-at-segment/
Want to crunch some #COVID19 stats yourself?
Check out https://bit.io/covid/ for easy SQL access to some of the latest data.
If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:
* Summaries of great security talks
* The latest tools and useful blog posts
* My various research projects
Thanks for reading, have a great day!
https://tldrsec.com/
