The Agentic Web: A New Internet Built for Agents, Not Browsers

Every time you sign up for a new service, you hand over your data, create yet another set of credentials, and agree to terms you didn’t read. You do this dozens of times across dozens of platforms. Each one owns a piece of you – your preferences, your purchase history, your social graph – and good luck getting any of it back. The internet as we know it was built for humans to browse. I believe it’s time we build one where agents act on our behalf.

My Thoughts About the United States Banning TikTok

These are my personal thoughts about the United States banning TikTok.

As you may have already heard, some congressional leaders have proposed the ban of a Chinese based social media application called TikTok.

There is fear, with some truth mixed in, that TikTok is a danger to United States national defense. There are many reasons congressional, military, and other policy leaders fear TikTok, but the common theme seems to be related to data collection on American citizens and the potential of manipulating viewpoints in favor of the Chinese government.

Understanding Python - Part 2: Running Code

Introduction

Whether you are new to Python or not, ensuring you understand the basics will help you along the way to becoming a Python expert.

Please see the first post titled Python vs Powershell Part 1: Versioning. This first post was written in 2018 but still applies. The remaining blog posts are a continuation of this series. Lets get started!

Installation

You may have Python already installed. To check, open your terminal and type:

Understanding HTTP Request Headers

Table of Contents

• Summary
• Introduction
  • Setup
• General Headers
  • Cache-Control
  • Connection
  • Transfer-Encoding
• Request Headers
  • Common Request Headers
  • Accept
  • Accept-Encoding
  • Authorization
  • User-Agent
• Response Headers
  • Common Response Headers
  • Location
  • Vary
  • Server
  • WWW-Authenticate
• Metadata Headers
  • Common Metadata Headers
  • Allow
  • Content-Encoding
  • Content-Type
• Conclusion

Summary

Networking is complex. Whether you are troubleshooting network connectivity or attempting to detect malicious external network communications, understanding the nuances of common HTTP requests is extremely helpful but often it can be difficult for many security and IT professionals.

Introducing Atomic Operator

One of the major benefits of Atomic Red Team is that it enables security teams to understand how adversaries leverage MITRE® ATT&CK techniques in the real world, and I’ve been a big fan for years. To me, Atomic Red Team is more than a repository of tests (aka atomics), it’s also a knowledge base, training tool, and more.

Each atomic in the library simulates a known adversary behavior associated with a given technique. Each of these tests are meant to help security professionals understand how a technique works (in other words, what malicious looks like) and enable them to test their defensive controls.

Atomic Red Team Testing With Swimlane

Today, Swimlane is excited to announce that we are releasing a new SSP (Swimlane Solutions Package) for use within the Swimlane platform. This SSP will enable organizations to automate the testing of their defenses using Atomic Red Team using our new open-source project called atomic-operator.

When using this SSP organizations can gain an understanding of their defensive posture against tests mapped to MITRE ATT&CK techniques. By using this use case you can correlate detections of these tests against their existing automation and log sources thus giving them fast feedback on their defensive posture based on tests available within Atomic Red Team.

Common Rest Api Authentication Methods Explained

When it comes to implementing automation and orchestration, it is critical to understand how authentication works with APIs. The majority of the products in your environment likely have some sort of authentication mechanism. You need to know the nuances and differences between various authentication methods in order to automate communications with those APIs. In this blog post, I aim to help you understand by breaking down three different API authentication methods.