Changes

From Security Weekly Wiki
1,120 bytes added, 06:09, 16 December 2019
===== Bugs, Breaches, and More! =====
* [https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli Binary Planting with the npm CLI] is another way to describe one of our favorite attacks -- path traversal.
===== If you build it, they will come =====
* [https://threatpost.com/gitlab-doles-out-half-a-million-bucks-to-white-hats/151138/ GitLab Doles Out Half a Million Bucks to White Hats]
===== Learning & Tools =====
* [https://www.portal.reinvent.awsevents.com/connect/sessionDetail.ww?SESSION_ID=99692&csrftkn=4XP9-U8C5-0TGY-PJW6-G1VZ-DZPN-EZC3-HI1H Speculation & leakage: Timing side channels & multi-tenant computing] from AWS re:Invent. A great talk from the perspective of a threat model in which such attacks are a critical part.
* [https://medium.com/swlh/how-to-integrate-security-on-the-devops-pipeline-e36dea836d7b How can we integrate security into the DevOps pipelines?] By picking from many of the great resources in this article.
===== Food for Thought =====
* [https://www.microsoft.com/security/blog/2019/12/11/go-passwordless-strengthen-security-reduce-costs/ Go passwordless to strengthen security and reduce costs] -- and design your app to support these types of workflows, including account recovery.