BlueTeamCon
Talk: Open Source Security
- MITRE's Hipcheck → Supply Chain Risk Assessment for OSS project based on the development practices & risk tolerances.
Talk: “Building on CVSS, EPSS, and KEV: A practical approach to vulnerability prioritization” with Omer Tal
- EPSS → Exploit Prediction Scoring System
- Daily estimate of probability of exploitation activity being observed over the next 30 days
- SSVC → Stakeholder-Specific Vulnerability Categorization
- Practical Approach:
- Walk through regreSSHion as the worked example
- Focus on priorities, not severities
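The prioritization approach from this talk, sketched as an added example (my own code, not the speaker's): each finding carries its CVSS base score, its EPSS probability and whether it is in the KEV catalog, and the decision uses SSVC's outcome labels (track, attend, act). The thresholds, the `internet_facing` context field and the decision rules are assumptions chosen to illustrate "priorities, not severities"; the finding data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str                # placeholder ids below, not real CVEs
    cvss: float             # CVSS base score, 0.0 to 10.0
    epss: float             # EPSS: probability of exploitation in the next 30 days
    in_kev: bool            # listed in CISA KEV (exploitation already observed)
    internet_facing: bool   # assumed SSVC-style exposure context

# Assumed thresholds: EPSS >= 10% is treated as "likely exploited soon".
EPSS_THRESHOLD = 0.10
CVSS_THRESHOLD = 7.0

def priority(f: Finding) -> str:
    """Map a finding to an SSVC-style outcome: 'act' > 'attend' > 'track'."""
    if f.in_kev:                       # known exploited: severity is irrelevant
        return "act"
    if f.epss >= EPSS_THRESHOLD:       # likely exploited: exposure decides
        return "act" if f.internet_facing else "attend"
    if f.cvss >= CVSS_THRESHOLD:       # severe but unlikely exploited
        return "attend" if f.internet_facing else "track"
    return "track"

def rank(findings: list[Finding]) -> list[Finding]:
    """Order by outcome first, then by EPSS, and only then by CVSS."""
    order = {"act": 0, "attend": 1, "track": 2}
    return sorted(findings, key=lambda f: (order[priority(f)], -f.epss, -f.cvss))

# Constructed sample: a critical-CVSS finding that nobody exploits versus a
# medium-CVSS finding with high EPSS on an internet-facing host.
SAMPLE = [
    Finding("CVE-EXAMPLE-A", cvss=9.8, epss=0.010, in_kev=False, internet_facing=False),
    Finding("CVE-EXAMPLE-B", cvss=6.5, epss=0.400, in_kev=False, internet_facing=True),
    Finding("CVE-EXAMPLE-C", cvss=7.5, epss=0.020, in_kev=True,  internet_facing=False),
    Finding("CVE-EXAMPLE-D", cvss=5.0, epss=0.001, in_kev=False, internet_facing=False),
]

def rank_sample() -> list[str]:
    """Return the sample's CVE ids in remediation order."""
    return [f.cve for f in rank(SAMPLE)]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{priority(f):6} {f.cve} cvss={f.cvss} epss={f.epss} kev={f.in_kev}")
```

Sorting purely by CVSS would put CVE-EXAMPLE-A first; the EPSS/KEV-driven ordering pushes the two findings with real exploitation signal ahead of it.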
Talk: SQL Injections: A History' OR 1=1;--
- Allow List Input Validation
Talk: IaC Misconfigurations
- Tools to scan IaC misconfigurations locally:
- KICS
- Checkov
- Terrascan
- tfsec
- GitGuardian
- Snyk
- OPA → Open Policy Agent
Talk: Excelling Spreadsheet in Cybersecurity