Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Chandrapal Badshah Profile picture
Chandrapal Badshah
@bnchandrapal
Cloud & Cloud Native Security Researcher. Building @CloudSecClub. Opinions are from my intellect.
Oct 22, 2021 16 tweets 5 min read
Okay folks, let's talk about bypassing #SSLPinning in #Android applications.

It's going to be a bit long Twitter 🧵 First, let's talk about SSL Pinning.

It's "pinning" some content of your website's public SSL certificate to your Android app.

It can be hash from your leaf cert, intermediate CA or even root CA.
Oct 5, 2020 7 tweets 2 min read
Wow ! @Cloudflare introduces API Shield to protect your APIs

blog.cloudflare.com/introducing-ap…

How does it do ?

By adding mTLS for the API endpoints and enforcing schema validation in JSON / gRPC payloads in API POST requests

Will it really secure / help secure APIs ?

[thread] 1/n Reading the article, Cloudflare claims to "secure" your APIs with the help of mTLS.

To simply put, mTLS is when both entities (server and client) validate each other's SSL cert and make sure its signed by common trusted Root / Intermediate CA.

2/n
Apr 17, 2020 15 tweets 4 min read
How we monitor secrets committed in our self hosted @gitlab instance in real time ?

(Twitter thread which summarises multiple experiments)

#ProductSecurity #gitlab #security Use Pre-commit / Pre-receive / Post-receive git hooks ?

Pre-commit : scan for secrets before commit. Prevents committing secrets by devs

Problem: requires access to dev laptops (privacy issue?). Hard to manage regexes in their laptop. Harder in a company hiring lots of devs