Collaborate Disseminate
One can’t secure what they don’t have visibility on. Over the years, we’ve had hundreds of new APIs developed but there is no central place to look at all the endpoints. I am trying to gain visibility on all APIs (including their body/para… Continue reading Gaining visibility on APIs used in an organisation
Too many companies are caught up in security theatrics, overlooking the real cause.
The post What is ‘security theater’ and how can we move beyond it? appeared first on CyberScoop.
Continue reading What is ‘security theater’ and how can we move beyond it?
Most browser extensions I use are utility like tools that do something in the DOM. Like copying HTML tables to Markdown tables, accepting cookie warnings, removing ads, regex find replace et cetera.
With the current news regarding abused b… Continue reading Is there a way to limit browser extension internet access?
I wondered If there are some official/reliable resources to discover statistics regarding new threats and attack vectors generated by GenAI or Large Language Models (LLM) that recently opened a new era and attack surface.
We don’t normally worry about old school viruses breaking out of emulators; but sometimes we worry about targeted exploit code breaking out of emulators.
8086tiny is an 8086/80186 CPU emulator. The active development repository seems to be… Continue reading Is it possible to break out of 8086 tiny from within?
While it is obvious that an attack surface is the sum of all ways the system can be compromised or attack vectors (please correct me if I am wrong here or am not taking something into account), it is not that obvious if an exposed username… Continue reading Does an exposed username increase the attack surface?
As a full-stack cloud-native (AWS, Azure, and GCP) polyglot (Rust, Golang, Python, and Java) microservices developer, the nagging question that I have is if the use of multiple technology frameworks vs single language (e.g., Java) have inc… Continue reading Are polyglot microservices (multiple technologies) more secure than using a single technology framework?
An annual report published today by Sumo Logic, a provider of security tools delivered as a cloud service, highlights the degree to which security has fundamentally shifted in the age of the cloud. Based on an analysis of data culled from more than 2,… Continue reading Sumo Logic Finds Attack Surface Expanding
Although openssh is awesome, I’m interested in exploring some more lightweight FLOSS alternatives to use for connecting to servers I’m administrating (and using alone). Since I only need a minimal set of features (only public-private-key … Continue reading Recommendations on minimal alternatives to openssh
We have a self hosted git server in our company. It is reachable over the internet because our developers work together with external consultants, developers and other persons. Between the internet and the internal server is a reverse prox… Continue reading Does additional SSH access on top of HTTPS improve or harm the security of a self hosted Git server?