The following web application security questions and answers (mostly focused on web app hacking) are part of a series from my social media. The answers are hidden by default so you can practice answering them …
Author: severin
Conditional Access – Common Microsoft 365 Security Mistakes Series
Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/
Cloud storage security: What’s new in the threat matrix
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. …
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD pipelines
Cloud-native applications are made up of multiple loosely coupled components called microservices. https://csrc.nist.gov/pubs/sp/800/204/d/ipd
SAMATE
Welcome to the Software Assurance Metrics And Tool Evaluation (SAMATE) Website! Software assurance is a set of methods and processes to prevent, mitigate or remove weaknesses and vulnerabilities and ensure that software functions as intended. …
Revisiting Traditional Security Advice for Modern Threats
Modern attacks targeting supply chains, using zero-day exploits, and exploiting vulnerabilities in security appliances have been flooding newsrooms, boardrooms and threat reports in recent months. https://www.mandiant.com/resources/blog/traditional-advice-modern-threats
Who Will AI Help More—Attackers or Defenders?
👀 Continuous Intelligent Monitoring and Analysis: Doing security at scale requires software. There are too many events and policies and constantly-evolving situations to handle things properly using just humans. And even SIEMs put most of the …
OPENCYBER-FR/RustHound
RustHound. Summary: Limitation, Description, Usage, Demo, How to compile it?, Linux x86_64 static version, Windows static version from Linux, How to build documentation?, Roadmap, Links. Limitations: Not all SharpHound features are implemented yet. Please refer to …
TU Graz delivers international cryptography standard
The US National Institute of Standards and Technology (NIST) has declared the “Ascon” algorithm, developed at TU Graz, the international standard for lightweight cryptography. https://science.apa.at/power-search/14057194440293097084
The Attackers Guide to Azure AD Conditional Access
Conditional Access is one of Microsoft’s most powerful security features and the central engine for their zero trust architecture. https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/