The Top 7 Security Engineering Stories From the Past Week

Why is OAuth still hard in 2023? | Nango Blog

We implemented OAuth for the 50 most popular APIs. TL;DR: It is still a mess.

Nango BlogRobin GuldenerFebruary 23, 2023•12min read

PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise

PaperCut CVE-2023-27350 Technical Deep-Dive, Indicators of Compromise, and Exploit Proof-of-Concept.

Horizon3.aiZach Hanley

This post covers the methodology of discovering a recent vulnerability based on the security advisory. It looks at the root cause, analyzes the patch, and develops an exploit proof-of-concept.

Google Authenticator now supports Google Account synchronization

Christiaan Brand, Group Product Manager We are excited to announce an update to Google Authenticator , across both iOS and Android, which a…

Google Online Security BlogGoogle

A solution for dealing with lost or stolen devices that had Google Authenticator installed.

GitHub - memorysafety/sudo-rs: A memory safe implementation of sudo and su.

A memory safe implementation of sudo and su. Contribute to memorysafety/sudo-rs development by creating an account on GitHub.

GitHubmemorysafety

WTF is DevSecOps?

Buzzword or shift-left revelation? We dive into the intriguing new world of DevSecOps.

Security Engineering NotebookEran Levy

Preventing SQL Injection: Is WAF Enough?

Probably not TBH

Security Engineering NotebookEran Levy

The Beginner’s Guide to Honeytokens (AKA Canary Tokens)

Get a high-level overview of honeytokens in cybersecurity, with examples.

Security Engineering NotebookEran Levy

The Top 7 Security Engineering Stories From the Past Week

Stuff we found elsewhere

Stuff we wrote

Stuff we found elsewhere

Stuff we wrote

Subscribe to Security Engineering Notebook