Prototype Pollution research, performed with co-authorship by @_nikitastupin in Advanced Security Research team, is nominated to “Top 10 Web Hacking Techniques of 2021”. The opportunity for bug hunter, who found the research insightful, to support authors: https://t.co/HC1mSKAVk4
— Denis Makrushin (@makrushind) January 12, 2022
Designed the “Application Security Fundamentals” course for Information Security students of my alma mater, I’m giving back and together with my friends from industry cultivate the design thinking of next generation alumni: shift the mindset from problem discovery to solution architecture.
Three years after launching, to increase the impact of this course, we made our lectures open to every Russian-speaking student. Just register yourself using the link from the first comment and wait for the announcement of open lecture tomorrow.
The photo illustrates how a typical class looks like – somewhere with laptop. Grab your device, headset and join!
Service-oriented architecture increases technical abilities of attacker to move laterally and maintain multiple pivot points inside of compromised environment. Microservice-based infrastructure brings more challenges for security architects related to internal event visibility and monitoring.
The research paper published by Alexander Barabanov in “Cybersecurity Issues” provides helpful resources to application and product security architects, software, and operation engineers on existing architecture patterns to implement trustworthy logging and audit process in microservice-based environments. We performed threat modeling for typical architecture pattern of logging system, defined threat mitigation strategy, and, as a result, provided bunch of high-level security requirements for audit logging system.
