Ben de Haan
@BJFdeHaan
Followers: 125 | Following: 85 | Media: 5 | Statuses: 72
Security engineer
Amsterdam
Joined May 2013
1.2K ⭐️ OWASP WrongSecrets: game packed with real life examples of how to NOT store secrets in your software. 🔒🔑 @owasp
https://t.co/V3upZf1EJS
#starhistory #GitHub #OpenSource
📚 tl;dr sec 118 * @christophetd Stratus Red Team * @philvenables, @jameschiapet Security Program Building * @commjoenie, @BJFdeHaan How not to do secrets * @ramimacisabird AWS customer incidents * @d0nutptr Eliminating authz vulns with types https://t.co/xWa3a9GQ5v
tldrsec.com
Tool to test your cloud detections, how to build and scale a security program, OWASP project to teach you how not to manage secrets.
@BJFdeHaan and I wrote another blog on cloud security! This time we do a deep dive on AWS IAM with ten pitfalls. Want to find out more? Check https://t.co/vYMqxRBLBh
#AWS #IAM #security #cybersecurity
@BJFdeHaan and I just wrote a blog on some of the security pointers we faced when working with Terraform on AWS. Want to know more? Check
Some people say secrets management is a big indicator of your security maturity. So what do you need to think of when managing your secrets? @commjoenie and I highlighted 10 pointers in our blog: https://t.co/GyVkZOZE1y.
A lot is written about the SDLC & security automation. But what if you just want to focus on the secure deployment itself? My colleague @BJFdeHaan and I wrote a blog about it at https://t.co/HLPcGecR7o.
Likely, a lot of the code you run is not code you wrote. But what does that mean in terms of security? Open source packages make interesting targets. I've summarized the most interesting statistics and key takeaways from a review of supply chain attacks. https://t.co/RUo5c0aZHK
I wrote a small blog post about participating in the Advent of Code 🙂. https://t.co/lsxSVS1Iqr
#xebiaaoc
A fan of Podcasts? Why not combine the entertaining with the useful? 🙂
Want to help improve the OWASP Serverless top 10?
We are excited to announce the first #OWASP #Serverless Top 10 call for data. Help us better understand serverless application risks. We need you! https://t.co/RK2cCvwCE6 And don’t miss out on the Serverless Top 10 talk on #OWASP #GlobalAppSec @OWASP_IL
Just published 'Easy input validation in Python apps':
link.medium.com
All you need to know about Cerberus
Definitely time to update your Sysmon config!
Be advised that many Registry rules are non-functional in @SwiftOnSecurity's Sysmon config. We fixed that in a forked config that I helped to build & reported this months ago HKLM > \REGISTRY\SYSTEM HKCU > \REGISTRY\USER https://t.co/bDls7zLb60
@Cyb3rWard0g @Antonlovesdnb
Where do you draw the line? Scenario 4: international data exchange. Take the full "sleepwet" (dragnet law) voting guide at https://t.co/6Pqjdq9BOj
#sleepwet #rijksveiligheidsdienst #terreurschwalbe
SIEM use cases development workflow - Agile all the things!
opstune.com
If you are into Splunk rules development, I am pretty sure this post will relate to you. But before entering the main topic, let me quickly define what a SIEM use case is about, which is another tr…
My @DerbyCon talk on everything and the kitchen sink with Windows logs. Cuckoo consumption, AD backdoors, using WEF as transport for ETW, etc. https://t.co/edJjFaD8Px
https://t.co/rIyIMGSYIb
https://t.co/WNIoPzOCeP
github.com
This is a repository from Adam Swan's and my presentation on Windows Logs Zero 2 Hero. - neu5ron/WinLogsZero2Hero
Cyber criminologist @DianaSelck and I wondered: are professionalizing criminals becoming more 9 to 5? Summer blog: https://t.co/S9CemtyDMR
Wannacry is not very good ransomware, and its creators are not very good criminals.
wired.com
Researchers say the worst ransomware epidemic ever is also poorly run, shoddily coded, and barely profitable.