Slack Slash Command security

Slack "Slash Commands" can be a very useful tool to write a CLI to interact with other applications that you manage. In short the contract works something like this; from within a slack channel that the commands are available you would type: /my-command [text arguments] Seems simple enough, however you need to implement a REST … Continue reading Slack Slash Command security

Batch processing testssl.sh commands

If you secure your entire infrastructure at the transport layer with end to end SSL for both internal and external traffic, then you likely have a ton of endpoints, each with their own SSL software stacks and a wide array of different certificates, some CA signed, others not etc. Both the amount of these and … Continue reading Batch processing testssl.sh commands

Mocking a rate limiting endpoint 429

Ever have some client code that needs to call another endpoint which rate limits you? Join the club. I recently did, and honestly I didn't care at all about the ONE particular rest client that needed to backoff appropriately when the 429s were being barfed back; instead what I did care about was implementing a … Continue reading Mocking a rate limiting endpoint 429