Leveraging AWS Lambda to notify users about their old access keys
Feb 29, 2020
I love to spend time trying to automatize out boring part of my job. One of these boring side is remembering people to rotate AWS Access Keys, as suggested also by AWS in their best practices.
My year on HackerOne
Dec 28, 2019
Last year, totally by chance, I found a security issue over Facebook - I reported it, and it was fixed quite fast. In 2018, I also found a security issue over Gitlab, so I signed up to HackerOne, and reported it as well. That first experience with Gitlab was far from ideal, but after that first report I’ve started reporting more, and Gitlab has improved its program a lot.
Exploring Gitlab Visual Reviews
Nov 3, 2019
With version 12.0 Gitlab has introduced a new interesting feature: Visual Reviews! You can now leave comments to Merge Requests directly from the page you are visiting over your stage environment, without having to change tab.
Using AWS Textract in an automatic fashion with AWS Lambda
Jun 24, 2019
During the last AWS re:Invent, back in 2018, a new OCR service to extract data from virtually any document has been announced. The service, called Textract, doesn’t require any previous machine learning experience, and it is quite easy to use, as long as we have just a couple of small documents. But what if we have millions of PDF of thousands of page each? Or what if we want to analyze documents loaded by users?
Responsible disclosure: improper access control in Gitlab private project.
Apr 19, 2019
As I said back in September with regard to a responsible disclosure about Facebook, data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.
Glasnost: yet another Gitlab's client.
Feb 10, 2019
gitlab and glasnost
I love Gitlab. I have written about it, I contribute (sporadically) with some code and I am a big fan of their CI/CD system (ask my colleagues!). Still, they need to improve on their mobile side.
Responsible disclosure: retrieving a user's private Facebook friends.
Sep 23, 2018
Data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a pratical side.
AWS S3 + GitLab CI = automatic deploy for every branch of your static website
Apr 23, 2018
gitlab and aws
You have a static website and you want to share to your team the last changes you have done, before going online! How to do so?
A generic introduction to Gitlab CI
Nov 28, 2017
gitlab and gitlab ci
At fleetster we have our own instance of Gitlab and we rely a lot on Gitlab CI. Also our designers and QA guys use (and love) it, thanks to its advanced features.
How to automatically create new MR on Gitlab with Gitlab CI
Jun 1, 2017
gitlab and gitlab ci
At fleetster we have our own instance of Gitlab and we rely a lot on Gitlab CI. How can be otherwise? We are a small team, with a lot of different projects (only in last month, we had more than 13.000 commits over 25 different projects, and we are only 10 - and I work part time).