In a post from 2015, I wrote about some of the “Security 101” issues I considered to be fundamental.
Since 2015, I’ve been exposed to several environments where I have seen the same basic security fails.
The Problem

Secure file sharing using AWS S3:

1. I upload a file to an S3 bucket with restricted permissions
2. The client downloads the file and processes it
3. The client uploads the results to the S3 bucket
4. I download the processed file and the transaction is complete

I thought setting the permissions on the bucket would be enough.
I’m managing a bug bounty program that has shown tremendous benefit so far. Several findings have been extremely clever, and I’ve been fortunate enough to have good interactions with the vulnerability researchers.
A developer at work asked a general question to the group: “I’m thinking about using either LastPass or 1Password, anything I should know?” As the team’s newest “Security Guy”, I answered with this brief response: