2 posts tagged with "guides"

Exploring third-party services with webhooks

· 8 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

Today, I want to show how the Webhooks feature of Secutils.dev can be used to explore third-party services from the outside, which a security researcher would call basic active reconnaissance. Reconnaissance is just a fancy word for gathering information about a target system to identify its exploitable vulnerabilities and attack vectors. In this post our intent is innocent: we want to learn how a particular service implements a feature we like. The technique, however, is the same one a researcher would use.

Security configuration management for software engineers

· 7 min read
Aleh Zasypkin
Creator of Secutils.dev

In my previous posts I've consistently pushed back on waste, whether it's time, money, or process overhead. Today I want to apply that same lens to security configuration management and argue that the engineering teams who build and run a product are the right people to own a big chunk of it. I'll use Content Security Policy (CSP) as the concrete example and show how Secutils.dev supports the full lifecycle: create, deploy, and monitor.