https://github.com/protectai/vulnhuntr
https://www.edr-telemetry.com/index.html
https://0xanalyst.github.io/Project-Lost/
https://docs.kernel.org/security/landlock.html
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/
https://www.gyan.ca/lessons-in-security-tooling-strategies-for-success/
https://www.resourcely.io/product/blueprints
https://rhinosecuritylabs.com/research/cloudgoat-sns_secrets/
https://tracebit.com/blog/breaching-the-data-perimeter-cloudtrail-as-a-mechanism-for-data-exfiltration
https://www.datadoghq.com/state-of-cloud-security/
https://danaepp.com/kev-cwe-attack-vector
https://corgea.com/Learn/understanding-ai-and-large-language-models-(llms)-a-guide-for-security-engineers
https://github.com/nccgroup/PMapper
https://secureslate.medium.com/7-best-user-access-review-tools-to-save-your-business-in-2024-168a74af2309
https://permify.co/post/open-source-identity-access-management-iam-solutions-for-enterprises/
https://medium.com/life-at-chime/monocle-how-chime-creates-a-proactive-security-engineering-culture-part-1-dedd3846127f
https://medium.com/life-at-chime/mitigating-risky-pull-requests-with-monocle-risk-advisor-part-2-7013e1485bf2
https://docs.google.com/presentation/d/1Jy-SvTuXItTH7Vpqq8O0anp4-FQKiZUShOcBeWxYowk/edit#slide=id.g21309ae7977_0_260
https://www.youtube.com/watch?v=TmRyZ7FB-HA
https://www.wiz.io/academy/open-policy-agent-opa
https://www.wiz.io/blog/getting-started-with-open-policy-agent-opa-to-improve-your-cloud-security
https://netflixtechblog.com/the-show-must-go-on-securing-netflix-studios-at-scale-19b801c86479
https://tldrsec.com/p/blog-appsec-cali-2019-lessons-learned-from-the-devsecops-trenches
https://securitychampions.owasp.org/
https://info.securityjourney.com/owasp-api-training-program
https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html
https://github.com/ComplianceAsCode/content
https://awseye.com/
https://www.plerion.com/blog/what-do-hackers-know-about-your-aws-account
https://www.fogsecurity.io/blog/data-perimeters-with-resource-control-policies-and-aws-kms
https://www.wiz.io/blog/how-to-use-aws-resource-control-policies
https://medium.com/@oraspir/hands-on-security-tips-for-centralize-root-access-in-aws-assumeroot-5d315de423cd
https://alsmola.medium.com/access-approvals-considered-harmful-f24fa2fe2f87
https://github.com/specfy/stack-analyser
https://www.cloudflare.com/en-gb/learning/ssl/lava-lamp-encryption/
https://www.legitsecurity.com/blog/api-key-security-best-practices
https://www.anshumanbhartiya.com/posts/hackagent
https://www.anshumanbhartiya.com/posts/the-future-of-appsec
https://github.com/GerbenJavado/LinkFinder
https://arxiv.org/abs/2412.02776
https://www.invicti.com/blog/security-labs/brainstorm-tool-release-optimizing-web-fuzzing-with-local-llms/
https://www.wiz.io/blog/how-to-set-secure-defaults-on-aws
https://www.labs.greynoise.io/grimoire/2024-01-03-snakeyaml-deserialization/
https://www.linkedin.com/pulse/aws-account-security-onboarding-mind-map-artem-marusov-zrpre/
https://tldrsec.com/p/software-supply-chain-vendor-landscape
https://tldrsec.com/p/blog-insecure-development-why-some-product-teams-are-great-and-others-arent
Clint Gibler - How to 10X your security presentation - https://docs.google.com/presentation/d/1lfEvXtw5RTj3JmXwSQDXy8or87_BHrFbo1ZtQQlHbq0/edit?pli=1#slide=id.g6555b225cd_0_1069
https://techbeacon.com/app-dev-testing/how-scale-security-devsecops-4-valuable-mindsets-principles
https://netflixtechblog.medium.com/scaling-appsec-at-netflix-6a13d7ab6043
https://openviewpartners.com/blog/what-is-minimum-viable-security-mvs/#.YhINjt9Bxzo
https://www.jit.io/blog/what-is-minimum-viable-security-mvs-and-how-does-it-improve-the-life-of-developers
https://airwalkreply.com/cloud-services-as-exfiltration-mechanisms
https://arxiv.org/abs/2108.12078
https://www.figma.com/blog/how-we-enforce-device-trust-on-code-changes/
https://www.zoom.com/en/blog/viss-approach-to-vulnerability-impact-scoring/
https://aws.github.io/aws-security-services-best-practices/
https://blog.qualys.com/vulnerabilities-threat-research/2023/12/19/2023-threat-landscape-year-in-review-part-one
https://medium.com/spacelift/18-most-useful-terraform-tools-to-use-in-2023-dabcaa3fb5b1
https://spacelift.io/blog/terraform-tools
https://securitylabs.datadoghq.com/articles/eks-pod-identity-deep-dive/
https://aws.amazon.com/blogs/aws/amazon-eks-pod-identity-simplifies-iam-permissions-for-applications-on-amazon-eks-clusters/
https://www.chrisfarris.com/post/reinvent2023/
https://snyk.io/learn/application-security/measuring-appsec-success/
https://snyk.io/learn/application-security/vulnerability-vs-weakness/
https://snyk.io/learn/application-security/asset-first-application-security/
https://ebenamor.medium.com/7-underrated-kubernetes-projects-elevate-your-lab-playground-ac7f47cba347
https://medium.com/@rphilogene/top-10-platform-engineering-tools-you-should-consider-in-2024-892e6e211b85
https://medium.com/4th-coffee/the-new-frontier-in-cybersecurity-embracing-security-as-code-51e5ce62b19e
https://cyb3rops.medium.com/introducing-yara-forge-a77cbb77dcab
https://securitylabs.datadoghq.com/articles/misconfiguration-spotlight-imds/
https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-metadata-transition-to-version-2.html
https://aws.amazon.com/blogs/security/how-to-create-an-ami-hardening-pipeline-and-automate-updates-to-your-ecs-instance-fleet/
https://securitylabs.datadoghq.com/articles/from_detection_to_enforcement_migrating_from_imdsv1_to_imdsv2/
https://www.youtube.com/watch?v=wru_AyiZdlY
https://tide.org/
https://seifrajhi.github.io/blog/eks-detect-manual-actions/
https://blog.trailofbits.com/2024/01/12/how-to-introduce-semgrep-to-your-organization/
https://boringappsec.substack.com/p/edition-18-the-diminishing-returns
https://tldrsec.com/p/ross-pentesting-qa
https://edu.chainguard.dev/chainguard/chainguard-images/staying-secure/working-with-scanners/false-results/
https://docs.gitlab.com/ee/ci/secrets/
https://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threats-in-oss-projects
https://orca.security/resources/blog/kubernetes-testing-environment/