Pointer·4yThe Open Source Security Platform
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, and cloud-based environments. Wazuh has been fully integrated with the Elastic Stack, providing a search engine and data visualization tool.
Hacker News·4ySMS phishing is way too easy
SMS has a sender ID which is set by the sender, requires no identity verification. This allows anyone to send messages to any number, identifying themselves as whoever they want to impersonate. Phones should warn users of non-verified sender IDs. Companies should stop sending URLs over SMS.
The New Stack·4yWhat Is Zero Trust Architecture?
Zero Trust Architecture (ZTA) builds on the foundational principles of zero trust security as defined by the National Institute of Standards and Technology. NIST recommends a focus on users, assets, and resources rather than traditional network boundary defenses. Identifying critical corporate information and how a user gains access to that information must be taken into consideration.
Pointer·4yPlasmoHQ/plasmo: The browser extension framework
The Plasmo Framework is a battery-packed browser extension SDK made by hackers for hackers. It's like Next.js for browser extensions! Features include React + Typescript, live-reloading, remote code bundling, auto-generation, and automated deployment.
InfoSec Write-ups·4yVulnerabilities in JS based Applications
Developers are increasingly gravitating toward frameworks that are written in JavaScript. There are still a lot of vulnerabilities that can be made vulnerable to. In this blog post we shall be going through a few of the vulnerabilities that you can check in a JS based framework. Vulnerabilities in JS based Applications: XSS, CSRF, SQL Injection.
Product Hunt·4ySteampipe - Open source SQL interface to your favorite cloud APIs🧑💻
select * from AWS, Azure, GCP, Github, Slack etc. Open source project from Turbot, empowers cloud pros to query cloud. Steampipe: select * from cloud; select ‘*’ from any cloud service. The extensible SQL interface to your favorite cloud APIs is free and open source.
Hacker News·4yCloudflare - The Web Performance & Security Company
Cloudflare for Infrastructure is a complete solution to enable this for anything connected to the Internet. Protect your Internet presence. Your website, APIs, and applications are your key channels for doing business with your customers. As more and more shift online, ensuring these resources are secure, performant and reliable is a business imperative.
The Hacker News·4yMIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched
A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets. The vulnerability is rooted in pointer authentication codes (PACs), a line of defense introduced in arm64e architecture. PACs aim to solve a common problem in software security, such as memory corruption vulnerabilities.
Codemotion·4yGolden Rules for Combining Front-end Security and UI
When building web applications, security is a key part of the development process. Validation allows the app to determine if the inputs typed by the user and the operations they are performing are correct. This article looks at how to enforce front-end validation, improving the user experience through five simple, but powerful, rules.
DZone·4yIs NoOps the End of DevOps?
NoOps aims to make app deployments faster and smoother, with a focus on continuous improvement. NoOps uses serverless and PaaS to get the resources they need when they need them. There are advantages and challenges when considering a DevOps vs. a true NoOps approach.