just thinking about that post where people got mad that graphql isn’t SQL. like they just thought (1) SQL is good and (2) SQL servers should be publicly accessible

Here's a starter list of things not in CIS top 20, SOC type II, NIST CSF, sp800-53 that absolutely affect your security posture - Slack - Github integrations - a lack of data classification - a lack of risk levels - security events in devops logs - every SaaS not on SSO yours?

I try to live every day with the confidence of a VC bro who just read two articles on a topic and is now a thought leader.

Ellen DaSilva Who just read two titles of articles, gleaned some catchy words, and is now a derivative thought repackager?

thinman Ellen DaSilva ‘DERIVATIVE THOUGHT REPACKAGER.’ yes.

[Special Report] Bot Attacks: Top Threats and Trends cuda.co/botvol1 See al the new findings and insights right now #ApplicationSecurity #Bots

#ransomware negotiations on fire 🔥

Hackers 2: Set in Eastern Europe/Russia, with a group of 20-somethings wearing track suits, driving sports cars, and exchanging Cobalt Strike configs while they pound energy drinks and deal with their annoying FSB contact. Somehow probably not the same cult classic.

also i cannot stress this enough: if your ISP can spy on your traffic, and you use a VPN to avoid that, then whoever is hosting the VPN can spy on exactly the same traffic how much do you trust a random company you've only heard of at all because they gave a youtuber money

Dear Breweries, Not everything has to be a goddamn IPA. IPAs are gross, regardless of what the hipster tells you. It’s not “complex”, it’s hot garbage. Sincerely, 🦝

I’m seeing people publicly share the name and social media links of the compromised #Okta user. Don’t do this. Don’t even look at their LinkedIn. Don’t say their name. Don’t even approach the topic. This could happen to any one of us; the actual user is irrelevant. Be better.

Has anyone identified a relevant web application that is vulnerable to #Spring4Shell attacks? I haven’t. Anyone? If yes, please comment.

This will probably take a lot longer to become mandatory by regulation in India and SE Asia. But why wait? This should be part of Good Governance at least for late stage startups. Investors should mandate this. www-forbes-com.cdn.ampproject.org/c/s/www.forbes…

IPinfo has a range of different plans to suit your unique needs 😄 🧑‍💻Basic plan for teams and devs 📈Standard plan for growing businesses 👔Business plans for extensive data 🤸Custom enterprise plans for flexibility Here's a sample of our different API responses 👇

A Special Giveaway! As security testers, we all appreciate @ipinfoio, yet, have you ever needed access to additional features? ❤️ & RT to be entered into the drawing for 10 Security Tester Plan subscriptions! #osint #dns #recon #infosec #security #bugbounty #redteam #giveaways

The best security is the security that gets implemented, not the security that just gets talked about.

Here's a list of 1000+ job opportunities to look out for! 🙌 A huge thank you to Shreyas Doshi for curating this together🤝 Do share this amongst your network and help folks who have been affected by the recent job crunch in the market❤ Link: docs.google.com/spreadsheets/d…

Adding the right id, instead of the scammer now ICICI Bank Cares