Denis Makrushin
Blog

Research: more than 1000 GitHub repositories are vulnerable to RepoJacking

by Denis Makrushin February 4, 2024
Blog

How to conduct your first security research

by Denis Makrushin August 8, 2023

The start of the year is also the start of thesis preparation season. That means my season of formulating topics for students of information security faculties and departments at leading universities is beginning. I have collected my recommendations and life hacks for preparing your first infosec research.

Research

Dev Sec Oops: how agile security increases attack surface

by Denis Makrushin June 9, 2023

If you ask a product security engineer what the main entry point is for an organization’s adversary to gain access to its crown jewels, he would answer: “a human.” He most likely means those employees with a low level of security awareness. In today’s reality, security engineers are the guards of employees’ security-related code of conduct. But who guards the guards?

Based on real scenarios of supply chain attacks that we’ve performed for various software development companies, we demonstrate the weakest points of the “Agile Security” paradigm in the software development lifecycle and redefine the Code of Conduct for product security.

The research is presented at OWASP Israel.

@ 2009. Denis Makrushin

