Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog

devops security sysadmin

Intuiting TLS | protty

cryptography security

CaMeL offers a promising new direction for mitigating prompt injection attacks

ai security

whose github actions am I running?

devops security

Avoiding downtime: modern alternatives to outdated certificate pinning practices

cryptography security

AnarSec | Make Your Electronics Tamper-Evident

security

CandyCodes: simple universally unique edible identifiers for confirming the authenticity of pharmaceuticals | Scientific Reports

security

Thinkst Canary

security

You shouldn’t be running NSA grade wifi at home. Here’s how to do it.

cryptography hardware networking security

Simple OIDC Tutorial

python security

zitadel/oidc: Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation

golang security

Building cross-cloud identity federation in Go for secure data sharing

devops golang security

Pathways to Best Cloud Security Posture Review in GCP | by BRK0018 | Medium

devops security

Perfectly Reproducible, Verified Go Toolchains - The Go Programming Language

devops golang security

Unlocking LUKS2 volumes with TPM2, FIDO2, PKCS#11 Security Hardware on systemd 248

linux security sysadmin yubikey

patte/fly-tailscale-exit: Run a VPN with global exit nodes with fly.io, tailscale and github!

linux security sysadmin

The problem with OAuth for Authentication. | Thread Safe

security

Why is OAuth still hard in 2023? | Nango Blog

security

How to test and validate DNSSEC using dig command line - nixCraft

networking security sysadmin

patte/fly-tailscale-exit: Run a VPN with global exit nodes with fly.io, tailscale and github!

security sysadmin

Announcing session recording for Tailscale SSH in beta

security sysadmin

OPA Series Part 1: Open Policy Agent and Terraform | Scaling Terraform | scalr

devops security terraform

SourceCode-AI/aura: Python source code auditing and static analysis on a large scale

python security

Ceremonial Security and Cargo Cults

compliance security

introducing flan scan Cloudflare’s network intrusion detection scanner.

security sysadmin

fleet

security sysadmin

secure

django python security

A short overview of Passkeys, and how to use them to secure your infra

security

Elixir/Phoenix Security: Rate Limits for Authentication with Hammer

elixir security

nccgroup/sobelow: Security-focused static analysis for the Phoenix Framework

elixir security

Shun keeps your HTTP secrets safe

elixir security

Securing Elixir/Phoenix Applications: 5 Tips to Get Started

elixir security

terraform-linters/tflint-ruleset-opa: Experimental: TFLint ruleset plugin for writing custom rules in Rego.

devops security terraform

Enforce and validate AWS tags with Atlantis OPA Terraform | by Wendell | Jan, 2023 | Medium

devops security terraform

Navigating Safety: A Beginner’s Guide to Implementing Terraform Guardrails with OPA

devops security terraform

Cloud Governance Using Infrastructure as Code

devops security terraform

How Early-Stage Startups Can Enlist The Right Amount of Security As They Grow | First Round Review

security

stripe/smokescreen: A simple HTTP proxy that fogs over naughty URLs

distributed systems golang security

checkov

IaC compliance checker.

devops security

My age YubiKeys Password Management Solution

security sysadmin yubikey

xdg credentials portal - FIDO over DBUS

linux security

Lockout Tagout

resilience security

I hate software: Why CVE-2022-3602 was not detected by fuzz testing

cryptography security

Microservice Security Design Patterns for Kubernetes (Part 1) - Brazil’s Blog

kubernetes security