Collect Caddy logs securely using Prometheus: restrict admin API access
Caddy exposes a metrics API which also gives admin access. Let's see how to secure Caddy-Prometheus integration taking this into account.
Cybersecurity
Cybersecurity, how to ignore it and deliver all your projects faster !
How to whitelist AppSec WAF rules in CrowdSec to avoid false positives?
I realized the fix last described in part #1 might not work with the Application Security Component (AppSec Component). The previous blog post only worked with the classic remediation component. Let's figure out why !
How to run Trivy scans on your selfhosted Forgejo code repositories?
I have wanted for a long time to integrate container scanning and SAST into my CI/CD pipeline. Let's use Trivy to increase the security of my CICD !
How to deepfake your CEO?
Let's try to create a deepfake of Barack Obama to illustrate how easy it is for an attacker to impersonate your CEO and launch social engineering attacks.
How to whitelist domains or URL path in CrowdSec to avoid false positives?
CrowdSec is an open-source, collaborative WAF that analyzes logs on web applications to detect and block malicious behaviour. While this is great, I started seeing my getting IP banned while browsing my services...