chair6.net

What if we stop treating security testing as a separate thing?

Security-oriented reflections on Rosa's uncontrollability

Attack surface minimization

How some Let's Encrypt renewal failures pointed to an AWS traffic hijacking issue

Mangatepopo to Waihohonu to Whangaehu to Iwikau

What's the word for a large collection of fraudulent web stores?

Using Cosign (and Vault and Fulcio and Rekor) to sign binaries

Scones scones scones

select * from cloud; with Steampipe

Programmatic Terraform config manipulation, Semgrep's autofix, and an example of OSS contribution

Severity ratings should mean something

Automating security things with GitHub Actions

Living the Mitsubishi JB500 dream

Simulated phishing is not so great

Going live with Abridge!

Participating in the GitHub token scanning program

Complement my nets

Startup-friendly security, CI/CD, and continuous assurance

Post-build DOM manipulation with pyquery

Listing O365 group members

Startups and security questionnaires

Generating weekly O365-hosted mailbox statistics

Security is not a binary thing

Host your own git repository

Assessing security posture

Amazon Linux security updates & needs-restarting

Startup security

Security's need to be named

NICUs are amazing

Asynchronous Python with gevent

Productivity inside 13 inches

HIPAA musings

Removing metadata from PDF files