home.social

#ssdlc — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ssdlc, aggregated by home.social.

  1. Утопали в дефектах, пока собирали «единое окно»

    «У нас было два пакета findings SAST’а, семьдесят пять CVE с критичностью — Critical, пять дублей одной и той же CVE в разных сервисах, пол солонки false positive и целая россыпь уязвимостей всех сортов и расцветок: SQLi, XSS, SSRF, RCE, IDOR, утекшие секреты, misconfigs в Kubernetes, написанные человеком, который явно не планировал дожить до аудита. Кроме того, у нас были изменения, сгенерированные AI-ассистентами, забытые исключения в проверках доступа, временные обходные решения, давно ставшие частью архитектуры, два отчета пентеста, тысячи задач и дашборд, который краснел так, будто видел все наши будущие инциденты сразу. Не то чтобы это был необходимый запас для управления безопасностью приложений, но если уж ты решил строить ASPM через агрегацию всего подряд, рано или поздно ты оказываешься именно в такой машине — на полной скорости, без карты, с разработчиками на заднем сидении, которые только и спрашивают: “Что из этого реально надо исправлять?”». Всем привет! Меня зовут Артем Пузанков, я руководитель отдела консалтинга безопасной разработки в Бастионе. Сегодня хотелось бы порефлексировать с вами про управление состоянием безопасности приложений, ASPM, AI-generated код и AppSec. Эта статья о том, почему будущее ASPM не в том, чтобы собрать все дефекты в «единое окно», а в том, чтобы сопоставить обнаруженные находки, проверить достижимость и отделить реальные угрозы от шума (читай технического долга).

    habr.com/ru/companies/bastion/

    #aspm #devsecops #application_security #ssdlc #безопасная_разработка #информационная_безопасность #AI_в_кибербезопасности #управление_уязвимостями #безопасность_приложений

  2. Чем занимается DevSecOps? Обзор инструментов

    В материале мы разберемся, чем на практике занимается DevSecOps, какие инструменты используются в повседневной работе. Поговорим об SSDLC и откуда в этой аббревиатуре появилось слово «Security», а также в какой момент проекту стоит задуматься о внедрении безопасного жизненного цикла разработки. Отдельно остановимся на том, как внедрять SSDLC без вреда для проекта и обсудим чек-лист оценки зрелости. Погрузимся в облако тегов DevSecOps, разберем ключевые практики и инструменты, а также поговорим о том, что делать после того, как все эти процессы уже внедрены.

    habr.com/ru/companies/ctsg/art

    #devsecops #ssdlc #информационная_безопасность #оценка_зрелости #sast #dast #container_security #asoc #osa #sbom

  3. Professional Refinement - Passing CompTIA Security+ (2023)

    youtube.com/watch?v=BRQ-uILXAg

    This episode is about the author's study process for passing the foundational Cyber Security "CompTIA Security+" exam in 2023. It's all about the timeframe, study materials and the live testing approach. One book has the knowledge. Another book has the tests. An online course compliments this. Answering a couple thousand quizz questions helps. Making mind maps assists in weaving sense from the realm of computing machines which themselves are interconnected as part of their existence, so in a way this helps make the theory real, because it is founded on what is known about reality through physics.

    #BitcoinSecurityMaps #meshcode #BSM #MattyK #cyberpowertelenoia #theskyishigh #civilianintelligence #MindMaps #Security #CyberSecurity #culture #intelligence #civilian #certification #professional

    #InfoSec #Information #Technology #Computing #Software #Digital #DigitalLiteracy #cypherpunk #appsec #WebAppSec #Testing #EthicalHacking #BugBounty #DevSecOps #SSDLC #SecurityOperations #CompTIA

    #aspie #asperger #autism #neuro #neurodiverse #nontypical #neuronontypical #neurotuypical #atypical #neuroatypical #ET #elf #lightworker #magic #wizard

    #attune #state #consciousness #subconscious #realm #sphere #dimension #layer #level #point #attention #beinghuman #time #freedom #privacy #anonymity #peace #justice #value #clarity #safety #alignment #coordination #disclosure #harmony #holistic #ecosystem #ecology #thriving #sacred #sustainability

  4. Professional Refinement - Passing CompTIA Security+ (2023)

    youtube.com/watch?v=BRQ-uILXAg

    This episode is about the author's study process for passing the foundational Cyber Security "CompTIA Security+" exam in 2023. It's all about the timeframe, study materials and the live testing approach. One book has the knowledge. Another book has the tests. An online course compliments this. Answering a couple thousand quizz questions helps. Making mind maps assists in weaving sense from the realm of computing machines which themselves are interconnected as part of their existence, so in a way this helps make the theory real, because it is founded on what is known about reality through physics.

    #BitcoinSecurityMaps #meshcode #BSM #MattyK #cyberpowertelenoia #theskyishigh #civilianintelligence #MindMaps #Security #CyberSecurity #culture #intelligence #civilian #certification #professional

    #InfoSec #Information #Technology #Computing #Software #Digital #DigitalLiteracy #cypherpunk #appsec #WebAppSec #Testing #EthicalHacking #BugBounty #DevSecOps #SSDLC #SecurityOperations #CompTIA

    #aspie #asperger #autism #neuro #neurodiverse #nontypical #neuronontypical #neurotuypical #atypical #neuroatypical #ET #elf #lightworker #magic #wizard

    #attune #state #consciousness #subconscious #realm #sphere #dimension #layer #level #point #attention #beinghuman #time #freedom #privacy #anonymity #peace #justice #value #clarity #safety #alignment #coordination #disclosure #harmony #holistic #ecosystem #ecology #thriving #sacred #sustainability

  5. Professional Refinement - Passing CompTIA Security+ (2023)

    youtube.com/watch?v=BRQ-uILXAg

    This episode is about the author's study process for passing the foundational Cyber Security "CompTIA Security+" exam in 2023. It's all about the timeframe, study materials and the live testing approach. One book has the knowledge. Another book has the tests. An online course compliments this. Answering a couple thousand quizz questions helps. Making mind maps assists in weaving sense from the realm of computing machines which themselves are interconnected as part of their existence, so in a way this helps make the theory real, because it is founded on what is known about reality through physics.

    #BitcoinSecurityMaps #meshcode #BSM #MattyK #cyberpowertelenoia #theskyishigh #civilianintelligence #MindMaps #Security #CyberSecurity #culture #intelligence #civilian #certification #professional

    #InfoSec #Information #Technology #Computing #Software #Digital #DigitalLiteracy #cypherpunk #appsec #WebAppSec #Testing #EthicalHacking #BugBounty #DevSecOps #SSDLC #SecurityOperations #CompTIA

    #aspie #asperger #autism #neuro #neurodiverse #nontypical #neuronontypical #neurotuypical #atypical #neuroatypical #ET #elf #lightworker #magic #wizard

    #attune #state #consciousness #subconscious #realm #sphere #dimension #layer #level #point #attention #beinghuman #time #freedom #privacy #anonymity #peace #justice #value #clarity #safety #alignment #coordination #disclosure #harmony #holistic #ecosystem #ecology #thriving #sacred #sustainability

  6. Web App Security Testing Series: RECON Foundations - INTRO

    youtube.com/watch?v=T5NLyAC2XG

    ARTICLE:
    medium.com/cyberpower-telenoia

    AUDIO:
    serve.podhome.fm/episodepage/b
    youtube.com/watch?v=T5NLyAC2XG

    This introductory episode to Recon covers foundational theory including tactics, techniques and actual command-line procedures. From manual passive indirect information gathering to automated scans and into stealth packet manipulation. Examples are given of this particular first stage of a Vulnerability Assessment in a sequential manner in order to enhance the effectiveness of mapping the attack surface of the target web application.

    The amount of times my eyebrow reacts to my voice is remarkable within the first minute. Recording myself helps me continue to work on this.

    #BitcoinSecurityMaps #meshcode #BSM #MattyK #cyberpowertelenoia #theskyishigh #civilianintelligence #MindMaps
    #Security #CyberSecurity #WebAppSec #AppSec #Recon #Vulnerability #Risk #Assessment #Analysis #Advisory #Bitcoin #BTC #culture #intelligence #civilian

    #InfoSec #Information #Technology #Computing #Software #Digital #DigitalLiteracy #System #P2P #cypherpunk #appsec #WebAppSec #Recon #Reconnaissance #Testing #EthicalHacking #BugBounty #DevSecOps #SSDLC #Pentest #SecurityOperations

    #aspie #asperger #autism #neuro #neurodiverse #nontypical #neuronontypical #neurotuypical #atypical #neuroatypical #ET #elf #lightworker #magic #wizard

    #attune #state #consciousness #subconscious #realm #sphere #dimension #layer #level #point #attention #beinghuman #time #freedom #privacy #anonymity #peace #justice #value #clarity #safety #alignment #coordination #disclosure #harmony #holistic #ecosystem #ecology #thriving #sacred #sustainability

  7. Web App Security Testing Series: RECON Foundations - INTRO

    youtube.com/watch?v=T5NLyAC2XG

    ARTICLE:
    medium.com/cyberpower-telenoia

    AUDIO:
    serve.podhome.fm/episodepage/b
    youtube.com/watch?v=T5NLyAC2XG

    This introductory episode to Recon covers foundational theory including tactics, techniques and actual command-line procedures. From manual passive indirect information gathering to automated scans and into stealth packet manipulation. Examples are given of this particular first stage of a Vulnerability Assessment in a sequential manner in order to enhance the effectiveness of mapping the attack surface of the target web application.

    The amount of times my eyebrow reacts to my voice is remarkable within the first minute. Recording myself helps me continue to work on this.

    #BitcoinSecurityMaps #meshcode #BSM #MattyK #cyberpowertelenoia #theskyishigh #civilianintelligence #MindMaps
    #Security #CyberSecurity #WebAppSec #AppSec #Recon #Vulnerability #Risk #Assessment #Analysis #Advisory #Bitcoin #BTC #culture #intelligence #civilian

    #InfoSec #Information #Technology #Computing #Software #Digital #DigitalLiteracy #System #P2P #cypherpunk #appsec #WebAppSec #Recon #Reconnaissance #Testing #EthicalHacking #BugBounty #DevSecOps #SSDLC #Pentest #SecurityOperations

    #aspie #asperger #autism #neuro #neurodiverse #nontypical #neuronontypical #neurotuypical #atypical #neuroatypical #ET #elf #lightworker #magic #wizard

    #attune #state #consciousness #subconscious #realm #sphere #dimension #layer #level #point #attention #beinghuman #time #freedom #privacy #anonymity #peace #justice #value #clarity #safety #alignment #coordination #disclosure #harmony #holistic #ecosystem #ecology #thriving #sacred #sustainability

  8. Web App Security Testing Series: RECON Foundations - INTRO

    youtube.com/watch?v=T5NLyAC2XG

    ARTICLE:
    medium.com/cyberpower-telenoia

    AUDIO:
    serve.podhome.fm/episodepage/b
    youtube.com/watch?v=T5NLyAC2XG

    This introductory episode to Recon covers foundational theory including tactics, techniques and actual command-line procedures. From manual passive indirect information gathering to automated scans and into stealth packet manipulation. Examples are given of this particular first stage of a Vulnerability Assessment in a sequential manner in order to enhance the effectiveness of mapping the attack surface of the target web application.

    The amount of times my eyebrow reacts to my voice is remarkable within the first minute. Recording myself helps me continue to work on this.

    #BitcoinSecurityMaps #meshcode #BSM #MattyK #cyberpowertelenoia #theskyishigh #civilianintelligence #MindMaps
    #Security #CyberSecurity #WebAppSec #AppSec #Recon #Vulnerability #Risk #Assessment #Analysis #Advisory #Bitcoin #BTC #culture #intelligence #civilian

    #InfoSec #Information #Technology #Computing #Software #Digital #DigitalLiteracy #System #P2P #cypherpunk #appsec #WebAppSec #Recon #Reconnaissance #Testing #EthicalHacking #BugBounty #DevSecOps #SSDLC #Pentest #SecurityOperations

    #aspie #asperger #autism #neuro #neurodiverse #nontypical #neuronontypical #neurotuypical #atypical #neuroatypical #ET #elf #lightworker #magic #wizard

    #attune #state #consciousness #subconscious #realm #sphere #dimension #layer #level #point #attention #beinghuman #time #freedom #privacy #anonymity #peace #justice #value #clarity #safety #alignment #coordination #disclosure #harmony #holistic #ecosystem #ecology #thriving #sacred #sustainability