Security

Our red team has created a new tool to find sensitive data in the vast, wide-open.

Cheers, our bug bounty program is celebrating one year!

How to exploit a path traversal issue to gain an admin account

Use GitLab to control your toolchain sprawl, improve team communication and productivity, and secure your DevOps lifecycle.

We're now offering higher bounties for critical and high severity reports.

We take a look back at how far we've come in our ZTN implementation, and at the progress we still need to make.

Implementing change in an already working environment always brings its fair share of growing pains. What happens when that change is Zero Trust?

You talked. We listened. Quicker bug bounty payouts and we're holding a contest for our hackers!

How we’re defining and aligning data zones in our Zero Trust implementation.

The classification of data is a huge step in the right direction when it comes to handling Zero Trust, but it comes with its own set of challenges.

An example of how to automate instrumented fuzzing with American Fuzzy Lop using pipelines.

We map out our Zero Trust goals, the challenges we expect to encounter along the way, and how we plan to address them.

Six months into our public bug bounty program, we're taking stock of what's working and where we can make improvements.

We’ve implemented and adapted an open source compliance framework. Now we're sharing our process and tools so you can adapt and customize it too.

What are the challenges and rewards of working security for a growing, cloud native company? We grill one of our senior security engineers.