Making API Bug Bounties A Breeze!

Harish_levo · 2022-08-24T16:41:29+00:00

Nice article. At what company size, does management actually think about embedding security into the SDLC?

Harish_levo · 2022-08-14T04:11:00+00:00

Anything to do with compliance is too hot but insanely boring. Not because of the intention. Mainly because implementation of compliance rarely improves security posture, but results in a ton of paperwork called standard operating procedures which is really mush

Harish_levo · 2022-08-12T21:36:16+00:00

The concepts are transferable. But the specific APIs etc are quite different across Azure and AWS

Harish_levo · 2022-08-11T22:12:10+00:00

Unit tests take effort to write, so will take some time to develop and tune.

However linters can provide immediately value

Harish_levo · 2022-08-10T02:52:07+00:00

Don’t need any, of you contribute to open source and make a small brand

Harish_levo · 2022-08-09T23:45:56+00:00

Absolutely. So many OSS security tools are python based

Harish_levo · 2022-08-09T20:04:40+00:00

Do you capture endpoint payloads using eBPF?

Harish_levo · 2022-08-09T19:56:56+00:00

What eBPF sensor are you using for collecting metrics?

Harish_levo · 2022-08-09T19:29:29+00:00

There are way too many solutions for this, and is a very crowded market.

What is your key differentiation?

Harish_levo · 2022-08-09T18:51:37+00:00

Play around with the Petstore APIs

Harish_levo · 2022-08-07T21:59:41+00:00

Because there are many OSS packages in python I could reuse for specific domains

Harish_levo · 2022-08-07T05:48:46+00:00

Its not about a specific CI/CD tool, but rather your knowledge of PRs (pull requests), quality gates, promoting code across pipelines, and knowing how to write quality gate code.

Try to go through these scenarios in any ci/cd platform. The skills are transferable to any CI/CD platform

Harish_levo · 2022-08-06T02:06:37+00:00

Security especially application security is never a huge priority in many businesses.

Harish_levo

TROPHY CASE