CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Replying to @randomdross
Maybe start with your Twitter name?
Here are the last two chapters of the third edition of Security Engineering. They cover the hard interactions between security and society: from self-driving cars to adversarial machine learning, and from opsec to elections cl.cam.ac.uk/~rja14/book.htm…
🌈 Fighting COVID with hopes, wishes, and dreams. 🍀
SCOOP: As the presidential election fast approaches, HHS is bidding out a more than $250 million contract to a communications firm as it seeks to “defeat despair and inspire hope” about the pandemic, according to an internal HHS document I obtained. politi.co/31K6oCJ
The big lesson I learned from you is to pay it forward and remove as much gatekeeping as possible to allow anyone with passion to find their way in.
The draft of Web Content Accessibility Guidelines has a new "Accessible Authentication" mandate - you must offer an auth method that doesn't rely on remembering anything, including passwords. WebAuthn ftw? WCAG draft: w3.org/TR/WCAG22/#error-prev…
Back in 2009 when I wanted to switch professionally from dev to appsec, I had no experience and no job leads. Jer gave me my foot-in-the-door at @whitehatsec, which I later pivoted to PayPal. Always will be grateful for that career start!
Replying to @sirdarckcat
Companies are increasing their ransomware budget, so go where the money is?
Fawkes, the face cloaking anti-recognition tool. nytimes.com/2020/08/03/techn…
Imagine your employer requires you to urinate on demand while they directly observe, otherwise you'll be fired. Turns out it's legal and what @Sterilite_Corp requires of their employees. abajournal.com/news/article/…
This report out of India (jointly with @DSCI_Connect & @paypal) is a great primer on commerce fraud and the controls to combat it. If you operate an online store, you should read this. Report is a free download (no forms to fill out). dsci.in/content/fraud-and-ri…
Replying to @ericgeller
I have had it happen a few times, especially on Saturdays, and they just deliver it the next business day. I assume it is when they forgot to drop it off and didn’t want to drive back, or maybe the carrier was sick and there wasn’t a backup, or something like that.
Replying to @randomdross
Yeah, not going to click that link!
The @owasp Global AppSec conference is open for registration and will be virtual this year. As a member of the Organizing Committee, you do not want to miss it. There is a lot of great content planned for all experience levels. Register here: virtual.globalappsec.org/hom…
Replying to @mkonda @amazon
Thankfully phishers target a very low bar.
I just submitted my candidacy for the upcoming @owasp Board of Directors election. If you are a paid member, please vote starting October 15. You can join or renew by September 30 in order to vote. Last year, I missed by 14 votes. Every vote counts, including yours!
Replying to @mkonda @amazon
The screenshot is too low res to see it :(
New on our blog! What widowers should watch out for when they re-enter the dating scene. Written with love for one particular fellow, but hopefully can help others. cagoldberglaw.com/the-dos-an…
This looks cool, from Jim Capobianco, who wrote Ratatouille and directed Your Friend the Rat.
Ever wanted to go behind the scenes of a #stopmotion #animated feature #film & see how they are really made? We’re launching a new kind of @kickstarter where you can meet the award winning team of #animators, masterclasses & virtual tours to the set theinventorfilm.com/kickstar…