This focuses mostly more on internal security (i.e after the attacker already ha... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mirages 10 months ago \| parent \| context \| favorite \| on: OWASP Non-Human Identities Top 10 This focuses mostly more on internal security (i.e after the attacker already has a foothold inside) versus the classic OWASP that are for external front fracing applications

Temporary_31337 10 months ago [–]

It has long been consensus that perimeter security is an outdated concept. With servers in public clouds workers remote etc just assume that a breach could potentially happen and mitigate the potential damage - stealing credentials from a marketing guy should not result in root access to prod db.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact