📚 tl;dr sec #29
* @leifdreizler how to run a #bugbounty program
* @Doyensec released a #GraphQL testing tool
* @0xdabbad00 #AWS Service Control Policy best practices
* @samwcyo on attacking secondary contexts in web apps
* @snyff on Unicode regex hijinks

https://tldrsec.com/blog/tldr-sec-029/

Hey! Help me improve tl;dr sec 🙌

I'm thinking about what to focus on in the newsletter, e.g.
* How much context to include with links?
* Focus on links vs summarizing talks?

Which of the following is *most* useful to you?

Check out @Doyensec's tool to make testing GraphQL easier: https://blog.doyensec.com/2020/03/26/graphql-scanner.html

If you test web apps, @samwcyo's slides have some excellent tips: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/preview#slide=id.p

Integrate CLI tools into your @Burp_Suite testing workflow easily with Piper: https://blog.silentsignal.eu/2020/03/27/unix-style-approach-to-web-application-testing/

🔥 by @0xdabbad00 on using #AWS Service Control Policies to restrict account actions.

Example policies: allow only approved services/regions, deny root user access, require IMDSv2, protect security baseline, and more! 🤘

https://summitroute.com/blog/2020/03/25/aws_scp_best_practices/

Want to crunch some #COVID19 stats yourself?

Check out https://bit.io/covid/ for easy SQL access to some of the latest data.

If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:

📚 Summaries of great security talks
🛠️ The latest tools and useful blog posts
🧪 My various research projects

Thanks for reading, have a great day! 😎 https://tldrsec.com/
You can follow @clintgibler.