Security

Security

Intro to AI Security Part 1: AI Security 101
Intro to AI Security Part 1: AI Security 101
For at least two years now I have been complaining about the lack of Artificial Intelligence (AI) Security resources. I complain about many…
·medium.com·
Intro to AI Security Part 1: AI Security 101
How to Fortify Your Docker Containers: A Guide to Advanced Security Practices
How to Fortify Your Docker Containers: A Guide to Advanced Security Practices
Introduction DevOps has been rapidly evolving in the software development landscape, and from the cornerstone Docker has emerged. Its ability to package applications into portable, scalable containers has taken deployment strategies to the next level. However, with this power, comes the responsibility of securing the containers. In this blog, we dive deep into advanced techniques and best practices for securing Docker containers, ensuring your deployments are not just efficient but also fortified against a variety of cyber threats.
·blog.coderco.io·
How to Fortify Your Docker Containers: A Guide to Advanced Security Practices
Rego 101: Introduction to Rego | Snyk
Rego 101: Introduction to Rego | Snyk
Learn how to write your first policy as code rules in Rego. This Rego tutorial for beginners covers the basics of Rego syntax and using OPA.
·snyk.io·
Rego 101: Introduction to Rego | Snyk
State of Cloud Security | Datadog
State of Cloud Security | Datadog
We analyzed data from thousands of organizations to understand the latest trends in cloud security posture.
·datadoghq.com·
State of Cloud Security | Datadog
Securing HTML fragments returned by API endpoints
Securing HTML fragments returned by API endpoints
A web application frontend often performs requests to a backend API. Even though this API is only supposed to be used by the frontend, it is usually also accessible with a browser. An attacker can use this to exploit vulnerabilities.
·sjoerdlangkemper.nl·
Securing HTML fragments returned by API endpoints
Cryptography Guidelines
Cryptography Guidelines
Guidance on implementing cryptography as a developer.
·samuellucas.com·
Cryptography Guidelines
Secure Code Review Tips to Defend Against Vulnerable Node.js Code
Secure Code Review Tips to Defend Against Vulnerable Node.js Code
How do you identify vulnerable code patterns? Can you spot insufficient input validation? Enhance your Node.js development security with this guide to secure code review.
·nodejs-security.com·
Secure Code Review Tips to Defend Against Vulnerable Node.js Code
The reckoning on cloud container and serverless security
The reckoning on cloud container and serverless security
Ephemeral infrastructure's transient nature has afforded it a 'free pass' on forensic examination in the past, but that window is closing.
·technologydecisions.com.au·
The reckoning on cloud container and serverless security
What the !#@% is a Passkey?
What the !#@% is a Passkey?
A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
·eff.org·
What the !#@% is a Passkey?
Serverless Security: Protecting Functions in the Cloud
Serverless Security: Protecting Functions in the Cloud
Serverless computing has revolutionized the way applications are built and deployed in the cloud. By abstracting away servers, serverless…
·medium.com·
Serverless Security: Protecting Functions in the Cloud
From Akamai to F5 to NTLM... with love.
From Akamai to F5 to NTLM... with love.
In this post, I am going to show the readers how I was able to abuse Akamai so I could abuse F5 to steal internal data including authorization and session tokens from their customers.
·blog.malicious.group·
From Akamai to F5 to NTLM... with love.
Threat Hunting: Detecting Browser Credential Stealing [T1555.003] - FourCore
Threat Hunting: Detecting Browser Credential Stealing [T1555.003] - FourCore
Adversaries can steal credentials, cookies and other private data from browsers using various techniques. We cover how you can simulate Credential Stealing From Browser s and detect it with your security tools. Sigma Rules Inside.
·fourcore.io·
Threat Hunting: Detecting Browser Credential Stealing [T1555.003] - FourCore