Blog Posts
April 23, 2024
The Key Factor Behind TablePlus's DDoS Resiliency

TablePlus published a blog post on how they did nothing to handle a DDoS attack. Their blog post titled “We are under DDoS attack and we do nothing” - published at the end of March 2024 - caught my eye when it quickly reached the top of Hacker News.

February 26, 2024
Ultimate Guide to Fail at Least Privilege in Cloud (and the Hard Lessons I Learned)

Least privilege is a defense-in-depth strategy that everyone talks about. When I first heard of it a few years back, it seemed to be a magical solution to a good number of security issues I faced.

January 23, 2024
Kickstarting in Cybersecurity: Strategic Advice for 2nd and 3rd Year Indian College Students

How to get started in cybersecurity?

This is the first question I get from many students attending Null Bangalore meetups, security conferences, and more.

September 13, 2023
Beyond the Basics: AWS WAF's Lesser-Known Limitations

AWS WAF service is an L7 firewall service offered by AWS. It’s easy to set up, seamlessly integrates with other AWS services (ALB, API Gateway, etc.), and comes with a handful of managed WAF rulesets and rate limit features.

June 27, 2023
My Key Takeaways from AWS re:Inforce 2023

The much-awaited AWS re:Inforce 2023 videos have finally landed on YouTube. You can now pick your favorite track and watch the sessions at your own pace here - https://www.youtube.com/@AWSEventsChannel/playlists?view=50&sort=dd&shelf_id=2.

May 11, 2023
The Risk You Can't Afford to Ignore: AWS SES and Email Spoofing

AWS SES is used in multiple ways - automated reminders, marketing emails, security automation & alerts, etc. There’s a risk with the domain verified on SES that is often overlooked. A risk that falls at the intersection of Cloud and Enterprise risk.
