Join us

heartPosts from the community tagged with DevSecOps...
Story
@tutorialboy24 shared a post, 2 years, 8 months ago
tut

Spring Actuator - Stealing Secrets Using Spring Actuators - Part 1:

Amazon Web Services Blogger Bugcrowd InfoSec Writeups

Spring is a set of frameworks for developing Applications in Java. It is widely used, and so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a Whitebox audit is actuators. In this series of articles, I will use the..

Blue Sky Photocentric Youtube Channel Art.png
Story
@tutorialboy24 shared a post, 2 years, 8 months ago
tut

Turning cookie based XSS into account takeover

Amazon Web Services Blogger Bugcrowd Firebase JavaScript Infovis Toolkit

EpilogueI reported the exploitation scenario and was rewarded €500, as the impact was high. Be patient, don’t give up, and think out of the box. In this case, I used the company’s service to exploit the bug.Source :- https://tutorialboy24.blogspot.com/2022/09/turning-cookie-based-xss-into-account.ht..

xss.png
Dev Swag
@ByteVibe shared a product

Sudo - Developer T-Shirt

#developer  #merchandise  #swag 

You've now found the staple t-shirt of your wardrobe: With Great Power Comes Great Responsibility This tee sits nicely, maintains sharp lines around the edges, and goes perfectly with layered streetwe...

Ad
www.faun.dev shared an ad

#ad  #sponsored 
Story
@tutorialboy24 shared a post, 2 years, 8 months ago
tut

Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl

Amazon Associates Amazon EC2 Amazon Web Services Blogger Amazon CloudWatch

IntroductionCountless applications rely on Amazon Web Services’ Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these messages, these projects use certificate-based signature validation based on the SigningCertURL..

v (1).png
Story
@boldlink shared a post, 2 years, 11 months ago
AWS DevOps Consultancy, Boldlink

Adopting DevSecOps

AWStats AWS EKS AWS CloudFormation AWS CodePipeline Agile Stacks DevOps Automation Platform

What is DevSecOps?DevSecOps refers to integrating security objectives as early as possible in a DevOps software delivery model. In DevsecOps, security is introduced as a shared responsibility from the beginning to the end of the software development lifecycle.DevSecOps also includes automating some ..

DevOps 7.jpg
Story
@boldlink shared a post, 3 years, 1 month ago
AWS DevOps Consultancy, Boldlink

AWS Security Intro – 4. Data

AWStats AWS EKS AWS CloudFormation AWS CodePipeline AWS API Gateway

When it comes to Data, we understand that misconfigurations can expose your data to be exposed or exploited against our customers. But if guided in the correct way to use the best solutions on AWS, they can avoid the misconfigurations and pitfalls of having an abundance of choices on AWS.AWS Shared ..

Dev Swag
@ByteVibe shared a product

I Are Programmer I Make Computer Beep Boop Beep Beep Boop - Developer / Programmer / Software Engineer Kiss Cut Sticker

#developer  #merchandise  #swag 

👨‍🚀 ByteVibe, a space out of space 👨‍🚀 ─ ✅ White or transparent✅ Durable color / long lasting✅ Durable material✅ Vibrant colors✅ Grey adhesive left side for white stickers✅ 100% vinyl with 3M glue✅ Gl...

Story
@muhammadali642 shared a post, 3 years, 4 months ago
Marketing

NIST’s DevSecOps guidance: This is what you should know

The NIST DevSecOps guide publication critically highlights technical security rudiments for industry-level DevSecOps integrating with cloud-native applications based on micro-services.

Story BridgeCrew Team
@bridgecrewio shared a post, 3 years, 5 months ago

2022 Prediction: DevSecOps will cross the chasm

We’ve been talking about DevSecOps and shift-left security for years. Although this approach probably didn’t “cross the chasm” in 2021, we did see some very telling milestones.

Screen Shot 2022-01-27 at 1.18.22 PM.png
Ad
www.faun.dev shared an ad

#ad  #sponsored 
Story BridgeCrew Team
@bridgecrewio shared a post, 3 years, 5 months ago

The key to DevSecOps success: Cross-team knowledge sharing

A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and engineering teams have such different priorities and strengths, but that doesn’t mean they don’t have anything to learn from each other. This year, make it a resolution to create a culture of bi-directional learning between these two teams and reap the benefit of improved collaboration. Here are the top things one can learn from the other to break down silos in the name of DevSecOps.

Screen Shot 2022-01-27 at 1.21.04 PM.png
Story
@dijodaiju shared a post, 3 years, 5 months ago

DevOps & DecSecOps Roadmap [From beginner to an expert]

Docker Python Kubernetes

In this blog, I will be explaining the path that I’m following in my DevOps journey.

1_8gEzJZTTMYr_ObyJHk1Mjw (1).png
Story BridgeCrew Team
@bridgecrewio shared a post, 3 years, 5 months ago

5 Ways to Configure a Monorepo for DevSecOps Efficiency

git

Monorepos—or the use of a single repository for every part of an application—have been around since before git was invented in 2005.

Screen Shot 2022-01-27 at 1.22.32 PM.png
loading...