Riccardo Padovani

Hi! In this corner of web you'll find my posts about different topics in the C.S. field: I'm a Solutions Architect with a strong passion for F/OSS and bug bounties!

Leveraging AWS Lambda to notify users about their old access keys

Feb 29, 2020
aws

I love to spend time trying to automatize out boring part of my job. One of these boring side is remembering people to rotate AWS Access Keys, as suggested also by AWS in their best practices.

Read More

My year on HackerOne

Dec 28, 2019
security

Last year, totally by chance, I found a security issue over Facebook - I reported it, and it was fixed quite fast. In 2018, I also found a security issue over Gitlab, so I signed up to HackerOne, and reported it as well. That first experience with Gitlab was far from ideal, but after that first report I’ve started reporting more, and Gitlab has improved its program a lot.

Read More

Exploring Gitlab Visual Reviews

Nov 3, 2019
gitlab

With version 12.0 Gitlab has introduced a new interesting feature: Visual Reviews! You can now leave comments to Merge Requests directly from the page you are visiting over your stage environment, without having to change tab.

Read More

Using AWS Textract in an automatic fashion with AWS Lambda

Jun 24, 2019
aws

During the last AWS re:Invent, back in 2018, a new OCR service to extract data from virtually any document has been announced. The service, called Textract, doesn’t require any previous machine learning experience, and it is quite easy to use, as long as we have just a couple of small documents. But what if we have millions of PDF of thousands of page each? Or what if we want to analyze documents loaded by users?

Read More

Responsible disclosure: improper access control in Gitlab private project.

Apr 19, 2019
security

As I said back in September with regard to a responsible disclosure about Facebook, data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.

Read More

Glasnost: yet another Gitlab's client.

Feb 10, 2019
gitlab and glasnost

I love Gitlab. I have written about it, I contribute (sporadically) with some code and I am a big fan of their CI/CD system (ask my colleagues!). Still, they need to improve on their mobile side.

Read More

Responsible disclosure: retrieving a user's private Facebook friends.

Sep 23, 2018
security

Data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a pratical side.

Read More

AWS S3 + GitLab CI = automatic deploy for every branch of your static website

Apr 23, 2018
gitlab and aws

You have a static website and you want to share to your team the last changes you have done, before going online! How to do so?

Read More

A generic introduction to Gitlab CI

Nov 28, 2017
gitlab and gitlab ci

At fleetster we have our own instance of Gitlab and we rely a lot on Gitlab CI. Also our designers and QA guys use (and love) it, thanks to its advanced features.

Read More

How to automatically create new MR on Gitlab with Gitlab CI

Jun 1, 2017
gitlab and gitlab ci

At fleetster we have our own instance of Gitlab and we rely a lot on Gitlab CI. How can be otherwise? We are a small team, with a lot of different projects (only in last month, we had more than 13.000 commits over 25 different projects, and we are only 10 - and I work part time).

Read More

Blog archive