
John Poulin
@forced_request
Followers: 896 | Following: 1K | Media: 119 | Statuses: 4K
Father. Husband. Mainer. CTO @CloudSecPartner, ex-GitHub
Bangor, Maine, USA
Joined February 2009
RT @satyanadella: A couple reflections on the quantum computing breakthrough we just announced. Most of us grew up learning there are th….
RT @HackGDL: Michael McCabe of @CloudSecPartner explains to us how to secure our infrastructure with Terraform, including its vulnerabili….
I know folks still have annual security budget. This training is like the gift that keeps on giving. Good virtual training is hard to come by - don’t miss this one.
We still have room left in @sethlaw and I's virtual secure code review course held next week, Oct 2 & 3. Come join us and learn:
- Manual source code review techniques.
- How to use Gen AI to make your reviews more efficient.
Register here!
RT @rootsecdev: Amen to the 30/90 password resets. If you are reading this and your enterprise is doing this, I’m here to tell you right no….
RT @jeffbarr: Thank you to everyone who brought this article to our attention. We agree that customers should not have to pay for unauthori….
RT @moxie: As a kid, the magic of software was that I could sit down and make something with no license, degree, or ~money. Gotta say, pu….
RT @jeffbarr: Heads-Up: Many of the current generation of Amazon RDS and Amazon Aurora SSL/TLS certificates will expire in 2024 and you n….
One of my favorite talks I attended was at HOPE X, 9 years ago. @deviantollam and @SgtHowardPayne dropped some knowledge on elevator hacking, which has stuck with me to this day. You will learn amazing things you never expected to hear about. Get a ticket while you can.
The late Cheshire Catalyst shares how he got his own area code at The Last HOPE (2008). HOPE XV will take place from July 12-14, 2024 at St. John's University in Queens, New York City. Tickets still available at 10% of April sales are donated to the @EFF
DOMPurify is an amazing sanitization library, which I regularly recommend to customers. But even well-maintained libraries will suffer from vulnerabilities from time-to-time. @ryotkak and team shared a great example!
We published a new blog by @ryotkak. Check it out! Bypassing DOMPurify with good old XML.
RT @CloudSecPartner: Here at Cloud Partners, we recommend our clients adopt Infrastructure as Code (IaC) for early detection of security vu….
RT @Frichette_n: It appears that there is a phishing campaign going around trying to steal AWS credentials. Be on the lookout in your organ….
RT @CloudSecPartner: Love is in the air, and so is our passion for Cloud Security. 💗 🔒. Need a team that's dedicated to protecting your tec….
Looking forward to teaching this course! I'm coming prepared with more memes and more tips.
REPOST! Join our 2-day course - defense-in-depth sw in response to '21 OWASP ⬆️10 'Insecure Design. Ideal for engineers & sec pros, ✅ anti-patterns, vulns, and real-world solutions. Get hands on src code review xp and leave ready to build resilient sw.
I continue to be impressed by @gitlab's mission to make it so that anyone can contribute. Working with a client, I was trying to understand some of the controls around GitLab Secrets Manager. They published the ADR:
RT @natfriedman: Ten months ago, we launched the Vesuvius Challenge to solve the ancient problem of the Herculaneum Papyri, a library of sc….