What if we stop treating security testing as a separate thing?

Sun 01 June 2025 · security

Prioritize using your existing unit, integration, and end-to-end testing frameworks to cover security cases

Security-oriented reflections on Rosa's uncontrollability

Thu 17 April 2025 · security

Applying Hartmut Rosa's concepts of controllability and resonance to the security space

Attack surface minimization

Thu 20 February 2025 · security

The sooner you start doing it, the easier it is to get done!

How some Let's Encrypt renewal failures pointed to an AWS traffic hijacking issue

Thu 15 August 2024 · security

tl;dr A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP assigned to me, effectively hijacking my AWS-sourced traffic.

Mangatepopo to Waihohonu to Whangaehu to Iwikau

Sat 21 January 2023 · misc

Notes, photos, and maps from a few days in the Aotearoa mountains

What's the word for a large collection of fraudulent web stores?

Tue 01 November 2022 · security

It started simply enough...

Using Cosign (and Vault and Fulcio and Rekor) to sign binaries

Thu 19 May 2022 · security

Code signing, what is it good for?

Scones scones scones

Fri 13 May 2022 · misc

One way to pass time during a pandemic

select * from cloud; with Steampipe

Thu 31 March 2022 · security

A SQL-like abstraction over all your cloudy things

Programmatic Terraform config manipulation, Semgrep's autofix, and an example of OSS contribution

Sun 19 December 2021 · tech

A story of cloud, automation, but mostly just contributing to open source - in several acts

Severity ratings should mean something

Thu 28 October 2021 · security

Perhaps we do not share the same definition of "critical"?

Automating security things with GitHub Actions

Mon 25 October 2021 · security

"Give a small boy a hammer and he will find that everything he encounters needs a pounding."

Living the Mitsubishi JB500 dream

Sun 10 October 2021 · misc

(Small camper, big dream.)

Simulated phishing is not so great

Thu 24 December 2020 · security

1) Don't be a jerk, and 2) consider the alternatives

Going live with Abridge!

Thu 25 June 2020 · tech

Sometimes, you just have to take that one step...

Participating in the GitHub token scanning program

Wed 15 January 2020 · security

General impressions, and a little Python to validate the signature on incoming alerts.

Complement my nets

Thu 29 August 2019 · security

Calculating IP range reversals with Python 3's ipaddress

Startup-friendly security, CI/CD, and continuous assurance

Fri 10 May 2019 · security

Automated, low-effort security is the best kind

Post-build DOM manipulation with pyquery

Fri 05 April 2019 · tech

I suspect this isn't really how you're supposed to do things, but hey.. works for me

Listing O365 group members

Wed 03 April 2019 · security

Powershell is an ugly hammer but it occasionally drives a nail effectively, or at least saves a bunch of copy-paste-reformat busy-work

Startups and security questionnaires

Wed 06 March 2019 · security

Get me off this never-ending hamster wheel of pain

Generating weekly O365-hosted mailbox statistics

Mon 04 March 2019 · tech

Getting incoming message counts out of Exchange Online

Security is not a binary thing

Wed 27 February 2019 · security

Balancing, estimation, & trade-offs

Host your own git repository

Thu 21 February 2019 · tech

Because you don't always need GitHub to git

Assessing security posture

Sun 27 January 2019 · security

Some open-ended questions

Amazon Linux security updates & needs-restarting

Tue 13 November 2018 · tech

Determining if an updated Amazon Linux (or Red Hat / CentOS) system requires a reboot

Startup security

Mon 12 November 2018 · security

Smart decisions in the early stages...

Security's need to be named

Fri 09 November 2018 · security

An argument against DevSecOps (SecDevOps?) & secure development lifecycles

NICUs are amazing

Wed 07 November 2018 · misc

Modern medicine & stubborn preemies FTW.

Asynchronous Python with gevent

Mon 05 November 2018 · tech

Spamming web servers with HTTP GETs since the mid-2000s.

Productivity inside 13 inches

Fri 02 November 2018 · tech

Just say no to multi-monitor madness. Or - at least - be capable of working without it.

HIPAA musings

Thu 18 October 2018 · security

Security regulation that doesn't suck.

Removing metadata from PDF files

Fri 12 October 2018 · security

Dealing with 'informational' risk penetration test findings, one at a time...

© Jamie Finnigan; opinions my own and not my employers. Built using Pelican.