🗝️ Security, security, security… Come join us on a talk about security provided by WebAssembly with @nielstanis, or learn about network-level security features in Azure PaaS services by @erwin_staal. 👉 updateconference.net/en #UpdateConference #UpdateConferencePrague #dotnet

Niels Tanis · Oct 9, 2022 · 11:26 AM UTC

Niels Tanis @nielstanis

9 Oct 2022

Hitting the road to travel to Sydney! If you're attending NDC Sydney hope to see you there @NDC_Conferences #NDCSydney

Wicked Pond · Oct 6, 2022 · 2:10 PM UTC

Niels Tanis retweeted

Wicked Pond

@WeldPond

6 Oct 2022

Veracode is shifting container security left in a developer friendly way, scanning for OSS vulns on all layers, configuration (Kubernetes manifests, Helm charts, Pod Security Standards/Policies, Terraform, CloudFormation, AWS CIS 1.2), and secrets. containerjournal.com/feature…

Veracode Adds Container Support to Security Tool for Developers

Veracode is launching an early access program through which it is adding support for containers to its Continuous Software Security Platform.

cloudnativenow.com

Wicked Pond · Oct 5, 2022 · 2:45 PM UTC

Niels Tanis retweeted

Wicked Pond

@WeldPond

5 Oct 2022

I'm looking forward to discussing cyber hygiene and cyber resilience on stage at Microsoft Ignite with @vasujakkal next week. You can sign up for an in person or virtual ticket here: aka.ms/ignite-security-fy23

Erwin Staal · Sep 29, 2022 · 5:18 PM UTC

Niels Tanis retweeted

Erwin Staal @erwin_staal

29 Sep 2022

. @nielstanis on software supply chain attacks at @devNetNoord

devNetNoord · Sep 21, 2022 · 9:16 AM UTC

Niels Tanis retweeted

devNetNoord @devNetNoord

21 Sep 2022

Op 29 september organiseren we weer een #DevNetNoord meetup met vier prachtige sessies, waaronder @nielstanis met zijn sessie ' #Securing your .NET application software #SupplyChain'. Check voor het hele programma en hoe je je kan aanmelden: buff.ly/3JFKMLV #Dotnet

Niels Tanis · Sep 15, 2022 · 5:40 AM UTC

Niels Tanis @nielstanis

15 Sep 2022

techcommunity.microsoft.com/…

Mateusz Krzeszowiec · Sep 5, 2022 · 10:44 AM UTC

Niels Tanis retweeted

Mateusz Krzeszowiec @veryriskyrisk

5 Sep 2022

World's oddly relaxed about recent CSRF bypass in csurf express middleware. It does require cookie tossing which limits the blast radius but for multi-tenant apps using subdomains it could be deadly -> fortbridge.co.uk/research/cs….

laurent · Sep 1, 2022 · 4:26 PM UTC

Niels Tanis retweeted

laurent @lsim99

1 Sep 2022

npm Best Practices for the Supply-Chain is out! openssf.org/blog/2022/09/01/… Thanks everyone who got involved @MylesBorins @ljharb @jeffmendoza @erezrokah @liran_tal @theopenssf and many more!

Niels Tanis · Aug 30, 2022 · 12:07 PM UTC

Niels Tanis @nielstanis

30 Aug 2022

Definitely stoked about the fact I'll be traveling to Sydney in October and doing two sessions at NDC Sydney! I'm going to talk about sandboxing .NET assemblies and of course supply-chain security. ndcsydney.com/speakers/niels… #ndcsydney @NDC_Conferences

Niels Tanis | NDC Sydney 2026

Niels Tanis will be speaking at the NDC Sydney 2026 conference. Come join us. «Sr. Principal Security Researcher at Veracode | Microsoft MVP | International Speaker»

ndcsydney.com

Asankhaya Sharma · Aug 30, 2022 · 2:08 AM UTC

Niels Tanis retweeted

Asankhaya Sharma @asankhaya

30 Aug 2022

We wrote about these issues with matching vulnerabilities based on CPEs almost 7 years ago - veracode.com/blog/managing-a…

Blog | Veracode

Application Security for the AI Era | Veracode

veracode.com

Kent Gruber @KentGruber

29 Aug 2022

Following @lorenc_dan’s thread on vulnerability scanners, I wanted to share what I think is a core problem in this space: CPEs. They’re broken right now, but could be better in the future. 🧵 nvd.nist.gov/Products/CPE

ianlewis@hachyderm.io 🥥🌴 · Aug 30, 2022 · 12:28 AM UTC

Niels Tanis retweeted

ianlewis@hachyderm.io 🥥🌴 @IanMLewis

30 Aug 2022

I'm excited to announce that the SLSA3 Generic Generator for GitHub Actions is now generally available! Generate SLSA provenance for any language or custom Actions workflow and help secure OSS supply chains! slsa.dev/blog/2022/08/slsa-g…

General availability of SLSA3 Generic Generator for GitHub Actions

A few months ago Google and GitHub announced the release of a Go builder that would help software developers and consumers more easily verify the origins of software by using verification files known...

slsa.dev

devNetNoord · Aug 26, 2022 · 9:21 AM UTC

Niels Tanis retweeted

devNetNoord @devNetNoord

26 Aug 2022

Wicked Pond · Aug 18, 2022 · 2:26 PM UTC

Niels Tanis retweeted

Wicked Pond

@WeldPond

18 Aug 2022

"Password expiration requirements do more harm than good, because these requirements make users select predictable passwords" Thank you Microsoft. NIST agrees. Everyone who attacks password auth agrees. Can we get compliance to update their requirements. docs.microsoft.com/en-us/mic…

Password policy recommendations - Microsoft 365 admin

Make your organization more secure against password attacks, and ban common passwords and enable risk-based multifactor authentication.

learn.microsoft.com

429

1,390

Scott Hanselman 🌮 · Aug 16, 2022 · 10:13 PM UTC

Niels Tanis retweeted

Scott Hanselman 🌮

@shanselman

16 Aug 2022

One of the BEST @dotnet tools that more folks don't know about is "dotnet outdated" github.com/dotnet-outdated/d… Why is it amazing? Check this screenshot then thank @coderpatros and @jerriepelser

151

675

Hardik Shah · Aug 13, 2022 · 6:14 AM UTC

Niels Tanis retweeted

Hardik Shah @hardik05

13 Aug 2022

My defcon30 workshop contents available here. fuzzing.in/codelabs/finding_…

109

319