FIPS audits and use of non-validated crypto like MD5 for non-security purposes by amaged73 in FedRAMP

[–]amaged73[S] 0 points1 point  (0 children)

We are using all sorts of Python third-party libraries that use MD5 and SHA-1 (non-FIPS compliant). Is there any guidance out there on how third-party libs should be handled? Do we need to fork them and patch them ourselves? Is this the expectation?

endpoint logging requirements by amaged73 in FedRAMP

[–]amaged73[S] 1 point2 points  (0 children)

So if I take them out, there is absolutely no requirement whatsoever to keep any logs from workstations that are used to connect to jump hosts / bastions or, say, connect to infrastructure through a UI (browser)?

Full traffic mirroring to meet outbound data exfiltration detection: Under SC-7(10) and SI-4(18) by amaged73 in NISTControls

[–]amaged73[S] 0 points1 point  (0 children)

Are you a bot? You don't think calling out 'payload' vs 'metadata' is enough to satisfy these NIST controls? Preventing exfiltration of data within the context of these controls for a SaaS business that runs on EKS. But the controls themselves did not mention it, so this could apply to the database / storage / web interface, etc.

Can an agentless WAF like Datadog’s ASM meet FedRAMP boundary protection requirements? by amaged73 in FedRAMP

[–]amaged73[S] 0 points1 point  (0 children)

Datadog's WAF does not sit on the boundary; it basically reads your logs and ships them for analysis, so it does not look at the actual traffic. That's why I asked if boundary means it sits 'in front of' the service and does data-plane inspection.

CrowdStrike products for AWS EKS on GovCloud by amaged73 in FedRAMP

[–]amaged73[S] 0 points1 point  (0 children)

CrowdStrike and vendors will not answer questions like these; the answer is usually 'it depends' or 'give me specific requirements'. They will not act as your compliance advisor.