Hey Clint Gibler we're missing you and your awesome newsletter on bluesky! I put together a starter pack for web security to make bootstrapping easier: bsky.app/starter-pack-s…

I put together a list of folks passionate about web security and related topics I follow on bluesky to stay on top of cool web bugs, web platform security features and fixes go.bsky.app/Uf8dZhz Please share, join us there or comment if know someone who should be on that list

More than 200 new followers overnight on bluesky 🚀

Web security starter pack is in good shape now and includes many amazing folks passionate about web security like terjanq or Tanya Janca | Shehackspurple: go.bsky.app/Uf8dZhz Please share and recommend folks passionate about web security so we can get this community started there 🙂

Another great #infosec starter pack on #bluesky! Thanks, Lukas Weichselbaum 🙌

This is one of my favorite things about Google's security team, getting to work on security exercises like this is unimaginably exciting

Building secure web apps shouldn't be a burden. We've built a high-assurance web framework at Google that makes security easy for developers. Learn about our "Secure by Design" approach and how it works in our new blog post: bughunters.google.com/blog/664431627… cc: David Dworken

"This blog post aims to provide a detailed blueprint for how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities." bughunters.google.com/blog/664431627…

This is a great example of secure by design through a framework-centric approach to security. The key idea is to build high-level frameworks that abstract away and address as many security risks as possible to make security better by default and as easy as possible for apps.

Developers, tired of DOM XSS in your web applications? 😩 We were too. See how we refactored our code to solve Trusted Types violations in Gmail & AppSheet. Your guide to a safer web is here! bughunters.google.com/blog/585078655…

Ryan Barnett (B0N3) Akamai Security Intelligence Group This reminds me of this cool paper from Google I read years back. The best possible resource for understanding common pitfalls in CSP dl.acm.org/doi/pdf/10.114…

Safari Tech Preview 215: Added support for Trusted Types 🎉 webkit.org/blog/16523/rel…

One of my teams at Google, 𝗔𝗜 𝗔𝗴𝗲𝗻𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆, is expanding in 𝗭𝘂𝗿𝗶𝗰𝗵 🇨🇭and 𝗡𝗲𝘄 𝗬𝗼𝗿𝗸 🇺🇸. We're looking for 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝘀 with experience in attacking and securing AI/ML systems. DMs open.

🚨 Heads up for web devs! 🚨 The HTML spec just got an important update to protect against mutation XSS (mXSS). Find out how escaping < and > in attributes is making the web a safer place. bughunters.google.com/blog/503874286…

Here's my blog post about escaping `<>` in attributes and why it makes mXSS harder to exploit!

Google CTF is on! Here's a challenge that I created: capturetheflag.withgoogle.com/challenges/web…. Good luck 😀

We published a blogpost about SafeContentFrame - a library for rendering untrusted content inside an iframe. The library is a big party of what I've been up to in the few last years! Check out the blog and take a slice of my birthday cake 🎂! bughunters.google.com/blog/671552987…

¡Hola from init.g(mexico) we are LIVE! Crazy excited to meet all the incredible students who joined init.g(mexico) today! Very much looking forward to seeing how these bright minds can shape the security industry of tomorrow! Let the learning and hacking begin! init.g() { return

Thank you andresmtz! It was truly a pleasure to get to know you all!