https://abs.twimg.com/emoji/v2/... draggable="false" alt="📚" title="Books" aria-label="Emoji: Books"> tl;dr sec #29
* @leifdreizler how to run a #bugbounty program
* @Doyensec released a #GraphQL testing tool
* @0xdabbad00 #AWS Service Control Policy best practices
* @samwcyo on attacking secondary contexts in web apps
* @snyff on Unicode regex hijinks https://tldrsec.com/blog/tldr-sec-029/">https://tldrsec.com/blog/tldr...

Hey! Help me improve tl;dr sec https://abs.twimg.com/emoji/v2/... draggable="false" alt="🙌" title="Raising hands" aria-label="Emoji: Raising hands">

I& #39;m thinking about what to focus on in the newsletter, e.g.
* How much context to include with links?
* Focus on links vs summarizing talks?

Which of the following is *most* useful to you?

Check out @Doyensec& #39;s tool to make testing GraphQL easier: https://blog.doyensec.com/2020/03/26/graphql-scanner.html

If">https://blog.doyensec.com/2020/03/2... you test web apps, @samwcyo& #39;s slides have some excellent tips: #slide=id.p">https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/preview #slide=id.p

Integrate">https://docs.google.com/presentat... CLI tools into your @Burp_Suite testing workflow easily with Piper: https://blog.silentsignal.eu/2020/03/27/unix-style-approach-to-web-application-testing/">https://blog.silentsignal.eu/2020/03/2...

Tool to execute padding oracle attacks easily: https://github.com/KishanBagaria/padding-oracle-attacker

RFC">https://github.com/KishanBag... for #jwt security best practices:
https://www.rfc-editor.org/rfc/rfc8725.html

Evaluate">https://www.rfc-editor.org/rfc/rfc87... the config of your managed #Kubernetes
https://github.com/darkbitio/mkit 

Write">https://github.com/darkbitio... #Kubernetes network policies easier:
https://kinvolk.io/blog/2020/03/writing-kubernetes-network-policies-with-inspektor-gadgets-network-policy-advisor/">https://kinvolk.io/blog/2020...

https://abs.twimg.com/emoji/v2/... draggable="false" alt="🔥" title="Fire" aria-label="Emoji: Fire"> by @0xdabbad00 on using #AWS Service Control Policies to restrict account actions.

Example policies: allow only approved services/regions, deny root user access, require IMDSv2, protect security baseline, and more! https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤘" title="Sign of the horns" aria-label="Emoji: Sign of the horns">

https://summitroute.com/blog/2020/03/25/aws_scp_best_practices/">https://summitroute.com/blog/2020...

@leifdreizler wrote one of my favorite "how to run a #bugbounty" posts I& #39;ve read.

Definitely check it out if you are or are considering running a bug bounty program; lots of practical, actionable tips. https://segment.com/blog/bug-bounty-at-segment/">https://segment.com/blog/bug-...

Want to crunch some #COVID19 stats yourself?

Check out https://bit.io/covid/ ">https://bit.io/covid/&qu... for easy SQL access to some of the latest data.

If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:

https://abs.twimg.com/emoji/v2/... draggable="false" alt="📚" title="Books" aria-label="Emoji: Books"> Summaries of great security talks
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🛠️" title="Hammer and wrench" aria-label="Emoji: Hammer and wrench"> The latest tools and useful blog posts
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🧪" title="Test tube" aria-label="Emoji: Test tube"> My various research projects

Thanks for reading, have a great day! https://abs.twimg.com/emoji/v2/... draggable="false" alt="😎" title="Smiling face with sunglasses" aria-label="Emoji: Smiling face with sunglasses"> https://tldrsec.com/ ">https://tldrsec.com/">...