owasp

I’m thrilled to announce that @m1guelpf and I just launched our product Enlightn, a tool that boosts your Laravel app’s performance & security!

It has 120 checks:
🚀 34 performance checks
🛡️ 45 security checks
✅ 41 reliability checks
Check it out here: https://www.laravel-enlightn.com/

Looking for an architecture-focused learning path? I like this list of book suggestions from @ghohpe ... https://architectelevator.com/architecture/architect-bookshelf/

Let's talk about PassRole. That pesky privilege escalation vector. I wrote a blogpost explaining the work we did @ErmeticSec to create a list of AWS actions that require PassRole and parameters denoting roles: https://ermetic.com/whats-new/blog/auditing-passrole-a-problematic-privilege-escalation-permission/
Highlights in thread, list in next reply.
1/11

My 3rd annual "AWS Security Maturity Roadmap" is out! This is my guide for the steps to securely run on AWS. See what changed this year and download it at https://summitroute.com/blog/2021/01/12/2021_aws_security_maturity_roadmap_2021/

Learn how to detect threats using Graylog Pipelines, from Recon InfoSec CTO, @eric_capuano . In this series, he covers normalization, enrichment, threat detection/escalation, & alerting.

Part 1 - https://hubs.la/H0Djtbb0
Part 2 - https://hubs.la/H0DjtyN0

#infosec