My talk "Preventing subdomain takeover with OWASP Domain Protect" at OWASP Global AppSec Dublin 2023 is now online.
0 Comments
Join me at OWASP Global AppSec Dublin to hear how an OVO Energy bug bounty program led to the creation of OWASP Domain Protect and prevented subdomain takeover
Domain Protect is now officially an OWASP project! Paul demonstrated prevention of subdomain takeovers using Domain Protect, at the OWASP London Chapter Meetup in December 2022. A video of the presentation is now online.
Discover 3 actionable security improvements for AWS at the DevSecOps London Meetup on 24 August. Ditch the bastions, delete that privileged CI/CD IAM user, and stop CloudFront bypass. Do it now!
In each case, I'll explore the security impact, demonstrate a practical solution, and provide open-source infrastructure-as-code examples. In April 2022, Microsoft announced its first ever expert level security certification - Microsoft Certified: Cybersecurity Architect. To be awarded the certification, one of the requirements is to pass the new SC-100 exam, which became generally available July 2022. I took the SC-100 exam while it was in its Beta phase in May. Click "Read More" to see how I prepared.
My recent SANS CloudSecNext 2022 talk and live demo now online! Chatting with Ashish Rajan on his Cloud Security Podcast about Zero Trust using Microsoft 365 and Azure security services I'll be giving the first public presentation and live demo of our open source tool Domain Protect at SANS CloudSecNext virtual summit 2022, 3 - 4 May, free to register here.
My first in-person talk since Security BSides 2019!
Which cloud provider has the best security services and features - AWS, Azure or GCP? Find out at (ISC)² SECURE London with demos of all three platforms, opinionated award ceremonies, and time for questions or controversy We’ve updated our open source tool Domain Protect to include optional automated takeover of vulnerable subdomains, see my blog post OVO vs Bug Bounty researchers - round 2
|
AuthorPaul Schwarzenberger is a Cloud Security Architect and DevSecOps specialist Archives
October 2024
Categories |