* @leifdreizler how to run a #bugbounty program
* @Doyensec released a #GraphQL testing tool
* @0xdabbad00 #AWS Service Control Policy best practices
* @samwcyo on attacking secondary contexts in web apps
* @snyff on Unicode regex hijinks https://tldrsec.com/blog/tldr-sec-029/
Hey! Help me improve tl;dr sec 🙌
I'm thinking about what to focus on in the newsletter, e.g.
* How much context to include with links?
* Focus on links vs summarizing talks?
Which of the following is *most* useful to you?
Check out @Doyensec's tool to make testing GraphQL easier: https://blog.doyensec.com/2020/03/26/graphql-scanner.html
If you test web apps, @samwcyo's slides have some excellent tips: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/preview#slide=id.p
Integrate CLI tools into your @Burp_Suite testing workflow easily with Piper: https://blog.silentsignal.eu/2020/03/27/unix-style-approach-to-web-application-testing/
Tool to execute padding oracle attacks easily: https://github.com/KishanBagaria/padding-oracle-attacker
RFC for #jwt security best practices: https://www.rfc-editor.org/rfc/rfc8725.html
Evaluate the config of your managed #Kubernetes: https://github.com/darkbitio/mkit
Write #Kubernetes network policies easier: https://kinvolk.io/blog/2020/03/writing-kubernetes-network-policies-with-inspektor-gadgets-network-policy-advisor/
@0xdabbad00 on #AWS Service Control Policy best practices. Example policies: allow only approved services/regions, deny root user access, require IMDSv2, protect security baseline, and more!
https://summitroute.com/blog/2020/03/25/aws_scp_best_practices/
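To make the linked ideas concrete, here is an added example of what such an SCP can look like; it is written for this page and is not taken from @0xdabbad00's post. One policy carries three of the listed controls: deny any action by a member account's root user, deny EC2 launches that do not require IMDSv2 (`ec2:MetadataHttpTokens` must be `required`), and deny everything outside one approved region except a few global services. The region `us-east-1` and the short list of exempted global services are placeholders to adapt per organization.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRootUser",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringLike": { "aws:PrincipalArn": "arn:aws:iam::*:root" }
      }
    },
    {
      "Sid": "RequireIMDSv2OnLaunch",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": { "ec2:MetadataHttpTokens": "required" }
      }
    },
    {
      "Sid": "DenyOutsideApprovedRegion",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "sts:*",
        "organizations:*",
        "support:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": { "aws:RequestedRegion": "us-east-1" }
      }
    }
  ]
}
```

Two things to check before attaching a policy like this: SCPs never restrict the management account (including its root user), so the root-deny only covers member accounts, and the region statement must exempt every global service the accounts actually rely on, or routine IAM and STS calls start failing. Test in a sandbox OU first.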
@leifdreizler wrote one of my favorite "how to run a #bugbounty" posts I've read.
Definitely check it out if you are or are considering running a bug bounty program; lots of practical, actionable tips. https://segment.com/blog/bug-bounty-at-segment/
Want to crunch some #COVID19 stats yourself?
Check out https://bit.io/covid/ for easy SQL access to some of the latest data.
If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:
📚 Summaries of great security talks
🛠️ The latest tools and useful blog posts
🧪 My various research projects
Thanks for reading, have a great day! 😎 https://tldrsec.com/