Contributions

Technical articles, security research, CVE discoveries, and conference talks contributing to the security community. Sharing knowledge about DevSecOps, secure development practices, vulnerability research, and cybersecurity.

Published Articles

DevSecOps | Red Hat Blog

Unlocking DevSecOps brilliance: Ansible Lightspeed soars with Secure Development Lifecycle integration

Exploring how Red Hat Ansible Lightspeed integrates AI-powered automation with Red Hat's Secure Development Lifecycle (RH-SDL) to enhance security throughout the software development process. Learn about the collaboration between engineering and security teams to implement robust security controls.

March 29, 2024 | 4 min read
Application Security | Red Hat Developers

Automate dynamic application security testing with RapiDAST

A comprehensive guide to implementing automated Dynamic Application Security Testing (DAST) using RapiDAST. Discover how to streamline your security testing workflow and catch vulnerabilities early in the development lifecycle.

June 19, 2024 | 10 min read

Conference Talks

DevSecOps | Conference Talk

Introducing the Secure Life Cycle of Software Development (SDL)

Cloud Native Sevilla

A comprehensive talk introducing attendees to the Secure Development Lifecycle (SDL) and how to integrate security practices throughout the software development process. Covers practical implementation strategies and real-world examples.

2024

Security Research & CVE Discoveries

CVE-2025-48956 | Vulnerability Research
CVSS 7.5 HIGH

Denial of Service Vulnerability in vLLM

Discovered a critical DoS vulnerability in vLLM (inference and serving engine for LLMs) that can be triggered by sending a single HTTP GET request with an extremely large header, resulting in server memory exhaustion. The vulnerability affects versions 0.1.0 to 0.10.1.1 and has been assigned a CVSS score of 7.5 (HIGH).

Weakness: CWE-400: Uncontrolled Resource Consumption
Affected Versions: 0.1.0 to < 0.10.1.1
Fixed Version: 0.10.1.1
Published: August 21, 2025

Topics Covered

DevSecOps, Secure Development Lifecycle, Application Security, DAST, Automation, Ansible, Security Testing, Cloud Native, Vulnerability Research, CVE Discovery