security
4 Posts

Leveraging AWS Lambda to notify users about their old access keys

I love to spend time trying to automate away the boring parts of my job. One of these boring parts is reminding people to rotate AWS Access Keys, as AWS also suggests in their best practices.…

My year on HackerOne

This year I spent some of my free time doing bug bounties on HackerOne. Here is a summary of what I did, how it went, and what I want to do in the future.…

Responsible disclosure: improper access control in GitLab private project.

As I said back in September regarding a responsible disclosure about Facebook, data access control isn’t easy. While it can sound elementary, it is very difficult, both on a theoretical side and on a practical side.…

Responsible disclosure: retrieving a user's private Facebook friends.

Data access control isn’t easy. While it can sound quite simple, it is very difficult, both on a theoretical side and on a practical side.…