Intro
Hi everyone!
I hope you have a great weekend. In this edition, I have another portion of materials that you won't want to miss!
If you enjoy cutting-edge research articles, you will enjoy 8 Million Requests Later: We Made The SolarWinds Supply Chain Attack Look Amateur. This research focuses on abandoned Amazon S3 buckets that can be used to mount supply chain attacks against entities that still send requests to the deleted buckets.
Furthermore, the Top 10 Web Hacking Techniques of 2024 was released recently. It offers a fascinating set of research pieces selected with community feedback, presenting outstanding vulnerabilities, exploitation techniques and defense mechanisms for web applications.
For security engineers and developers, I recommend taking a look at Google's Blueprint for a High Assurance Web Framework, which outlines fundamental changes to development practices by applying Secure by Design across web applications developed by Google.
Lastly, it's worth taking a look at the tips presented in Dockerfile Security Best Practices for building secure Docker containers. This guide is great for anyone looking to strengthen their container security knowledge and best practices.
Enjoy the materials and stay secure!
Materials
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
How can abandoned Amazon S3 buckets be used for supply chain attacks? Researchers from watchTowr demonstrated the shocking ease of launching a supply chain attack using over 150 abandoned S3 buckets. Great research for cybersecurity enthusiasts.
Top 10 web hacking techniques of 2024
What are the top web hacking techniques of 2024? This article presents the community-driven selection of the ten most innovative techniques in web security research, showcasing crucial findings for security professionals and researchers to enhance their understanding of modern web vulnerabilities.
All PortSwigger Solutions Repository
This repository contains a collection of solutions for various challenges from the PortSwigger platform, including SQL injection, cross-site scripting, and much more. It’s ideal for security professionals and developers interested in enhancing their web application security skills.
Secure by Design: Google’s Blueprint for a High-Assurance Web Framework
This article presents Google’s approach to “Secure by Design” to minimize web vulnerabilities through a high-assurance framework built on safe coding, adaptability to evolving threats, and continuous security monitoring. This framework automates protections, enhancing security at scale while boosting developer productivity and maintainability. Recommended for developers and security engineers.
Dockerfile Security Best Practices: How to Build Secure Containers
Are you interested in building secure Docker containers? This article outlines essential best practices for crafting a secure Dockerfile, targeting developers and cybersecurity professionals. It covers pitfalls to avoid, such as using unverified base images and hardcoding secrets, while providing solutions to enhance container security and performance.
Level Up Your Open Source Karma (And Your Wallet) by Improving Security
Google’s Patch Rewards Program encourages open source developers to enhance project security by offering financial rewards up to $45,000, especially for memory safety improvements. Developers can earn by submitting accepted security patches to in-scope projects.
SysReptor: Open-source penetration testing reporting platform
Are you looking for a way to streamline penetration testing report creation? This article introduces SysReptor, a customizable platform designed for cybersecurity professionals. It simplifies and automates report generation using Markdown and HTML, allowing for easy PDF conversion. Ideal for penetration testers and security teams.