devsecops 13

• Your S3 Bucket Is an Open Directory and You Probably Don't Know It Apr 24, 2026
• Breaking My Own Infrastructure: 12 Days, 19 Findings, 3 False Positives Apr 23, 2026
• What --dryrun Taught Me About Confidence Apr 22, 2026
• The Load Balancer That Trusted Everyone Apr 21, 2026
• I Can Read Everyone's Invoices (and Found a Backdoor Inside) Apr 20, 2026
• The Refresh Token That Wouldn't Die Apr 19, 2026
• It's 3 AM and I'm Creating a Thousand Invoices Apr 18, 2026
• I Just Sent XSS Payloads to the Support Team Apr 17, 2026
• When Your Internal Fields Aren't Internal: The Day I Deleted My Own Account Apr 16, 2026
• The CORS Rabbit Hole I Didn't Want to Go Down Apr 15, 2026
• How Two curl Commands Gave Me Full Access to an S3 Bucket Apr 14, 2026
• 5,000 Attack Vectors Later: What I Learned From Testing Everything Apr 13, 2026
• From DevOps to DevSecOps: Why I Started Breaking Things on Purpose Apr 12, 2026