Die Cyber Mühle

aggregiert InfoSec Inhalte

Eyeballer

Give those screenshots of yours a quick eyeballing. Eyeballer is meant for large-scope network penetration tests where you need to find "interesting" targets from a huge set of web-based hosts. https://github.com/bishopfox/eyeballer?utm_source=Unsupervised+Learning+Subscribers&utm_campaign=56...

Se Wi
10 days ago

2017 State of DevOps Report

Over the past six years and more than 27,000 State of DevOps survey responses, we’ve found clear evidence that DevOps practices yield remarkable results for IT teams and organizations. https://puppet.com/resources/whitepaper/state-of-devops-report

Se Wi
2 weeks ago

14. September – Kein Tag wie jeder andere

Kundenauthentifizierung muss seit einigen Tagen Stark sein. https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Fachartikel/2019/fa_bj_1909_IT-Aufsicht.html

Se Wi
2 weeks ago

API Security Testing(Part 1)

All the information mentioned in this article are of my personal and aren’t the opinions of my past or present employer. API Security Testing — It’s a little complicated area for a Pen tester on my personal experience. https://medium.com/@saumyaprakashrana_51250/api-security-testing-part-1-b0fc38...

Se Wi
3 weeks ago

redhuntlabs/Awesome-Asset-Discovery

Asset Discovery is the initial phase of any security assessment engagement, be it offensive or defensive. With the evolution of information technology, the scope and definition of assets has also evolved. https://github.com/redhuntlabs/Awesome-Asset-Discovery

Se Wi
a month ago

The Definition of a Green Team

As I talk about in my article on Red, Blue, and Purple Teams, there are many advocating for other team types beyond just those colors. In April Wright’s work—who appears to have started the idea of these alternative team colors—the new ones look like this. https://danielmiessler.com/blog/the-defi...

Se Wi
a month ago

PHPStan – PHP Static Analysis Tool (Discover Bugs In Your Code Without Running It!)

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line...

Se Wi
a month ago

Test Images and Challenges

https://dfir.training/resources/downloads/ctf-forensic-test-images

Se Wi
a month ago

Moving away from spreadsheets: How to automate your third-party risk management process

Spreadsheets are dumb. Okay, it’s not that spreadsheets are dumb, or that the people who use them are dumb. That’s not at all what I’m saying. What’s dumb is using spreadsheets to manage third-party information security risk. https://www.helpnetsecurity.com/2019/08/12/third-party-risk-management-...

Se Wi
2 months ago

Simple Guide to SAML vs OIDC

SAML (Security Assertion Markup Language) and OIDC (OpenID Connect) are the most widely used federation protocols for web based single sign-on. In the case of SAML, the most commonly used flow is Redirect/POST Bindings (SP or IDP initiated) and in the case of OIDC, it is Authorization code flow. ...

Se Wi
2 months ago