Security

Dumb Things You Can Sometimes Do With Hard Links

tl;dr: "Here's a very old and stupid trick you could do with some filesystems in some situations back in the day... and might still be able to do in a few places today."

featured in #300


The Dirty Pipe Vulnerability

- Max Kellermann tl;dr: "This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes."

featured in #297


Security For Package Maintainers

- Seth Michael Larson tl;dr: Seth discusses the steps he's taken to ensure that the packages he's developed, notably urllib3, are secure. "I hope that some of the knowledge I've gained along the way can help you secure your own packages as well as inspiring some adversarial security-minded thinking."

featured in #296


SOC 2 and ISO 27001: Why Both is Better

tl;dr: Managing cybersecurity is rough these days. As a scaling business, you've likely been asked to prove your security posture -- and for good reason. More organizations are getting both SOC 2 and ISO 27001 compliant in order to expand their business potential and alleviate security concerns. Learn how this strategy can benefit your business and why it isn't as hard as it might sound.

featured in #294


DevSecOps Maturity Model White Paper

tl;dr: A blueprint for assessing and advancing your organization’s DevSecOps practices to detect vulnerabilities and deliver digital services with more confidence.

featured in #293


Top 10 Hacks Of The Past Decade

tl;dr: This tech paper looks at 10 of the most significant hacks of the past decade and how Teleport could have mitigated the damage. Teleport was designed around best practices, making it more resilient to such types of threats.

featured in #290


Take Our State of Startup Security Survey

tl;dr: Are you a manager or decision maker in your organization? We want to hear from you! Take our first annual State of Startup Security Survey and (anonymously) share how your organization prioritizes security, what your scaling looks like, and how you unblock startup challenges. 

featured in #288


10 Unknown Security Pitfalls For Python

- Dennis Brinkrolf tl;dr: “We chose pitfalls that we believe are less known in the developer community:” (1) All assert statements are ignored when code is optimised. (2) MakeDirs permissions. (3) Absolute path joins, and more.

featured in #288
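The three pitfalls named in the Python entry above, each beside a hardened form. This is an added example, not code from the article or from any of the projects it discusses; the `User` class, the `/srv/uploads` base directory and the temporary directory tree are constructed for the demonstration.

```python
"""Three of the Python pitfalls above, each next to a hardened version."""
import os
import shutil
import stat
import sys
import tempfile


class User:
    """Constructed stand-in for an application user record."""

    def __init__(self, name, is_admin):
        self.name = name
        self.is_admin = is_admin


def assert_checks_active():
    """True only when the interpreter was started without -O / -OO."""
    return sys.flags.optimize == 0


# Pitfall (1): `assert` is compiled away under `python -O`, so this
# authorisation guard silently disappears in an optimised deployment.
def delete_account_with_assert(actor, target):
    assert actor.is_admin, "admin only"
    return f"deleted {target.name}"


# Hardened: an explicit check is never stripped by the compiler.
def delete_account(actor, target):
    if not actor.is_admin:
        raise PermissionError("admin only")
    return f"deleted {target.name}"


def compare_guards(actor, target):
    """Run both guards; report the exception name, or the returned value
    when nothing stopped the call."""
    outcomes = {}
    for name, fn in (("assert", delete_account_with_assert), ("if", delete_account)):
        try:
            outcomes[name] = fn(actor, target)
        except (AssertionError, PermissionError) as exc:
            outcomes[name] = type(exc).__name__
    return outcomes


# Pitfall (2): os.makedirs(mode=...) applies `mode` only to the leaf
# directory (Python 3.7+); intermediate directories get 0o777 & ~umask,
# and even the leaf is masked by the umask. Setting a restrictive umask
# before the call is what actually keeps the whole tree private.
def makedirs_permissions(umask):
    """Create <tmp>/a/b/secret with mode 0o700 under `umask` and return the
    permission bits of the intermediate directory and the leaf."""
    root = tempfile.mkdtemp()  # constructed scratch tree, removed afterwards
    old_umask = os.umask(umask)
    try:
        leaf = os.path.join(root, "a", "b", "secret")
        os.makedirs(leaf, mode=0o700)

        def perm(path):
            return stat.S_IMODE(os.stat(path).st_mode)

        return {"a": perm(os.path.join(root, "a")), "secret": perm(leaf)}
    finally:
        os.umask(old_umask)
        shutil.rmtree(root, ignore_errors=True)


# Pitfall (3): os.path.join discards every component before an absolute
# one, so an attacker-controlled second argument leaves the base directory.
def unsafe_path(base, user_supplied):
    return os.path.join(base, user_supplied)


def safe_path(base, user_supplied):
    """Join, resolve, and then verify the result still lies under `base`.
    This also catches `..` traversal, which plain join never rejects."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_supplied))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"{user_supplied!r} escapes {base_real}")
    return candidate


def escapes_base(base, user_supplied):
    """True when safe_path rejects the input."""
    try:
        safe_path(base, user_supplied)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(compare_guards(User("mallory", False), User("victim", True)))
    print(makedirs_permissions(0o022), makedirs_permissions(0o077))
    print(unsafe_path("/srv/uploads", "/etc/passwd"))
    print(escapes_base("/srv/uploads", "../../etc/passwd"))
```

Run it once normally and once with `python -O` to watch the `assert` guard vanish while the `if` guard keeps raising. The `makedirs` figures assume a POSIX filesystem and Python 3.7 or newer, where only the leaf receives the explicit mode.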


5 Best Practices For Securing SSH In 2022

- Catherine Blake tl;dr: From changing the SSH default options to using a bastion host, this is a good reminder of how to boost the security of your infrastructure.

featured in #286
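A small linter for the "change the SSH default options" part of the entry above, shown against a constructed stock-style `sshd_config` and a hardened one. This is an added example, not the article's own material: the set of directives checked is a common hardening baseline assumed here, not necessarily the five practices the article lists, and both sample configs are constructed.

```python
"""Audit an sshd_config for directives left at risky values."""
import re

# OpenSSH defaults for the directives examined, as documented in sshd_config(5).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
}

# Hardened value per directive: an assumed baseline, not the article's list.
WANTED = {
    "permitrootlogin": "no",               # log in as a named user, escalate via sudo
    "passwordauthentication": "no",        # keys or certificates only
    "kbdinteractiveauthentication": "no",  # closes the other password path
    "permitemptypasswords": "no",
    "x11forwarding": "no",
}
MAX_AUTH_TRIES = 3

_DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)\s*=?\s*(.*)$")


def parse_sshd_config(text):
    """Map lower-cased keyword -> value for the global section.

    sshd honours the first occurrence of a keyword, so later duplicates are
    ignored, and everything after a Match line is conditional, so parsing
    stops there. Include directives are not followed (see the note below)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break
        settings.setdefault(keyword, value)
    return settings


def audit_sshd_config(text):
    """Return (keyword, actual, wanted) for every directive that differs from
    the baseline, substituting sshd's default when the file leaves it unset."""
    settings = parse_sshd_config(text)
    findings = []
    for keyword, wanted in WANTED.items():
        actual = settings.get(keyword, DEFAULTS[keyword]).lower()
        if actual != wanted:
            findings.append((keyword, actual, wanted))
    tries = int(settings.get("maxauthtries", DEFAULTS["maxauthtries"]))
    if tries > MAX_AUTH_TRIES:
        findings.append(("maxauthtries", str(tries), str(MAX_AUTH_TRIES)))
    return findings


# Constructed sample: roughly what a stock install ships with. The commented
# PasswordAuthentication line means the default (yes) is in force.
WEAK_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
KbdInteractiveAuthentication yes
X11Forwarding yes
MaxAuthTries 6
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# Constructed sample after hardening. The second PasswordAuthentication line
# is ignored (first value wins) and the Match block only affects one user.
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries = 3
AllowUsers deploy
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
```

Because the parser does not follow `Include` (and distributions that ship `Include /etc/ssh/sshd_config.d/*.conf` at the top of the file let those fragments win), point it at the effective configuration instead: `sshd -T` prints every directive in the same `keyword value` form this parser reads.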


DevSecOps Maturity Model White Paper

tl;dr: A blueprint for assessing and advancing your organization’s DevSecOps practices to detect vulnerabilities and deliver digital services with more confidence.

featured in #281