Joined October 2016
Pinned Tweet
27 Apr 2022
After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️
Ed retweeted
The Swiss Federal Government has adopted a report on ethical hacking referencing two @swisscyberstorm 2023 speakers: @EdOverflow and @_oakgul. Read the report here (in German and French): lnkd.in/dye5-qkY Watch all SCS talks here: youtube.com/@swisscyberstorm… #SCS23 #bugbounty
11 Oct 2023
I will be giving a talk on Coordinated Vulnerability Disclosure (CVD) at Swiss Cyber Storm. If you are interested in attending, please find additional information below.
Speaking @swisscyberstorm 2023 Edwin Foudil (@cure53berlin): “Navigating The Coordinated Vulnerability Disclosure Landscape” Demystifying concepts surrounding CVD and showing solutions to overcome challenges Program: lnkd.in/d52RpEnH Tickets: lnkd.in/eTXQRjnP #SCS23
12 Apr 2023
I have set up a LinkedIn profile if people want to stay connected: linkedin.com/in/edoverflow/.

Ed retweeted
Where did you first hear about security.txt?
68% Twitter
6% GitHub
8% Conference talk
19% Other (comment below 👇)
167 votes • Final results
Ed retweeted
How do you pronounce "security.txt"?
65% security dot "T.X.T."
22% security dot "text"
10% security "text" (no dot)
3% Other (comment below)
745 votes • Final results
4 Feb 2023
I am working on something fun with @KarimPwnz to address the challenge of repetitive security questionnaires: @BlueMagnetIO (bluemagnet.io).
Ed retweeted
Exciting news! @Apple joins the list of companies with a security.txt file. Now, we only need @netflix to complete the FAANG list. 🙌
27 Jan 2023
I have been playing around with SvelteKit a lot recently. I wrote a short blog post on adding security headers to SvelteKit applications: edoverflow.com/2023/svelteki…. I might do a more long-form one on the security pitfalls of SvelteKit applications at some point.
21 Jan 2023
Reminder: if you would like to follow my blog via RSS, I have a feed at edoverflow.com/index.xml. :)

20 Jan 2023
With references to @hacker_ and @fin1te. Thank you to @KarimPwnz for reviewing a draft.
6 Jan 2023
Nice blog post by @KarimPwnz on the security implications of command injection in GitHub Actions.
You have command injection in a GitHub Actions workflow. Now what? Read my blogpost on leaking secrets from GitHub Actions workflows: karimrahal.com/2023/01/05/gi…
1 Dec 2022
Retweeting this because I know BSides London tickets are hard to come by. :)
Security BSides London: Are you a woman who works (or wants to work) in tech? We have FIVE tickets to give away for the Security BSides London conference, Saturday 10 December. Just DM us to get one. Please RT. @BSidesLondon #BSidesLDN2022 #WomenInTech
20 Oct 2022
It was a pleasure presenting with @jschreuder and @DTC_NL at @OneConferenceNL. The work they are doing to promote security.txt in the Netherlands is amazing. You can read more about their work here: digitaltrustcenter.nl/securi….
20 Oct 2022
Also, shout-out to @internet_nl & @mxsash for their work integrating security.txt checks in internet.nl/.

Ed retweeted
11 Oct 2022
I love that the Dutch government is actively promoting security.txt and encouraging companies to establish a route for reporting security incidents 😊 /cc @EdOverflow digitaltrustcenter.nl/nieuws…
Where can ethical hackers report vulnerabilities at your organization? Publish a security.txt file and test it with Internet․nl. Check the new @securitytxt test: en.internet.nl/article/secur… @DTC_NL @AlertOnline #cybersecuritymonth
28 Sep 2022
Thank you, @fbsecurity, for organising another fantastic event. I thoroughly enjoyed BountyCon and exploring Singapore. Team BBAC members (@xdavidhu, @_zulln, @ElSec_, @spaceraccoonsec, @rub003, @EdOverflow) managed to find valid vulnerabilities with @rub003 finishing #3 overall.
28 Sep 2022
And here are some photos from the trip. Thank you, @spaceraccoonsec, for being an excellent tour guide. :)
15 Sep 2022
This looks like a fun chain by @fransrosen. If readers are interested in rapidly checking CSP hosts, I wrote a tool for grabbing them concurrently: github.com/EdOverflow/csp.
Dropbox disclosed a bug submitted by fransrosen: hackerone.com/reports/159079… - Bounty: $6,909 #hackerone #bugbounty