Ed

After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

The Swiss Federal Government has adopted a report on ethical hacking referencing two @swisscyberstorm 2023 speakers: @EdOverflow and @_oakgul. Read the report here (in German and French): lnkd.in/dye5-qkY Watch all SCS talks here: @swisscyberstorm9607" target="_blank" rel="nofollow noopener">youtube.com/@swisscybersto… #SCS23 #bugbounty

@codingo_ Excuse me, sir. Do you have a moment to talk about our Lord and Saviour, security.txt?

Ohai @EdOverflow!

I will be giving a talk on Coordinated Vulnerability Disclosure (CVD) at Swiss Cyber Storm. If you are interested in attending, please find additional information below.

I have set up a LinkedIn profile if people want to stay connected: linkedin.com/in/edoverflow/.

@ElSec_ 👏

I really enjoyed participating in this CTF! Friendly staff were always around to answer any queries. I loved the collaboration between players, it built a great atmosphere around the tables. Looking forward to attending more events in the future!

Where did you first hear about security.txt?

@HusseiN98D varanid.io

Is there any open source tool / paid service that will fetch response of a list of URLs every day and alert on status code / content length change?

@Hac10101 This blog post by @infosec_au: shubs.io/so-you-want-to….

Any tips for a person who is starting with bug bounty? #infosec

How do you pronounce "security.txt"?

I am working on something fun with @KarimPwnz to address the challenge of repetitive security questionnaires: @BlueMagnetIO (bluemagnet.io).

@corg_e @ctbbpodcast by @Rhynorater and @0xteknogeek

Exciting news! @Apple joins the list of companies with a security.txt file. Now, we only need @netflix to complete the FAANG list. 🙌

@hacker_ @codingo_ @rub003 going to be jealous. 🙃

I have been playing around with SvelteKit a lot recently. I wrote a short blog post on adding security headers to SvelteKit applications: edoverflow.com/2023/sveltekit…. I might do a more long-form one on the security pitfalls of SvelteKit applications at some point.

@ant0inet 3️⃣ Finally, realising that *.cust.swisscom.ch is out of scope

Two things humanity will fail at imho: 1️⃣ Outphasing IPv4 2️⃣ Achieving self-defined climate goals #wereFucked

Reminder: if you would like to follow my blog via RSS, I have a feed at edoverflow.com/index.xml. :)

With references to @hacker_ and @fin1te. Thank you to @KarimPwnz for reviewing a draft.

I have published a new blog post on my bug bounty methodology: "Learn to build it, then break it" — edoverflow.com/2023/learn-to-….

@ant0inet There is a recent publication (12 Jan 2023) where the authors explored these factors and even ranked each factor's importance with a survey: arxiv.org/pdf/2301.04781…. Learning and building a career are some of the other factors not mentioned in your tweet.

In your opinion, what are the other drivers for vulnerability researchers to disclose vulnerabilities besides recognition and financial gain? I can't seem to find other obvious motives...

Nice blog post by @KarimPwnz on the security implications of command injection in GitHub Actions.