From Security Weekly Wiki
Revision as of 18:07, 19 April 2020 by Mike Shema (Created page with "* [https://insomniasec.com/blog/auth0-jwt-validation-bypass JSON Web Token Validation Bypass in Auth0 Authentication API] because JWT is jam-packed with traps for DevOps teams...")
- JSON Web Token Validation Bypass in Auth0 Authentication API because JWT is jam-packed with traps for DevOps teams, which is why you might be interested in paseto.io.
- Mining for malicious Ruby gems makes a dash to profit from DevOps mistakes and underscores the need for software composition analysis.
- A Brief History of a Rootable Docker Image highlights the risk of running insecure software and the danger of trust in image repositories.
- Privacy In The Time Of COVID touches on threat modeling, appsec, and privacy by design that can seed educational discussions with DevOps teams.
- Threat modeling explained: A process for anticipating cyber attacks and an overview of different approaches that ultimately boils down to "What are we building and what could go wrong?"