DEV Community

#incidentresponse

The process of responding to and managing security incidents and breaches.

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
We Got an Alert That the Database Was Down. The Database Was Never Down.

We Got an Alert That the Database Was Down. The Database Was Never Down.

1
Comments
9 min read
We Chased the 9 People Intercepting Our App's TLS. It Was Google.

We Chased the 9 People Intercepting Our App's TLS. It Was Google.

1
Comments
7 min read
CISA Wrote Its Incident Plan Mid-Breach. Write Yours Now.

CISA Wrote Its Incident Plan Mid-Breach. Write Yours Now.

Comments
4 min read
"Just Turn It Off in Staging" — What the Noisy Alert Was Actually Hiding

"Just Turn It Off in Staging" — What the Noisy Alert Was Actually Hiding

Comments
6 min read
SIGTERM Had Two Owners: Why Our Shutdown Hooks Ran Twice

SIGTERM Had Two Owners: Why Our Shutdown Hooks Ran Twice

2
Comments
5 min read
Agentic incident response is where autonomy meets the pager

Agentic incident response is where autonomy meets the pager

Comments
6 min read
From Code to Governance: A Developer's Honest Take on Detection & Incident Response

From Code to Governance: A Developer's Honest Take on Detection & Incident Response

1
Comments 1
2 min read
GitHub ships a one-click self-revoke for users whose credentials just leaked

GitHub ships a one-click self-revoke for users whose credentials just leaked

Comments
3 min read
Responding to a Compromised AWS Access Key

Responding to a Compromised AWS Access Key

Comments
6 min read
Protecting GitHub from Supply-Chain Malware: Prevention, Cleanup, and Recovery

Protecting GitHub from Supply-Chain Malware: Prevention, Cleanup, and Recovery

Comments
12 min read
How to investigate suspicious SSH logins without giving AI a shell

How to investigate suspicious SSH logins without giving AI a shell

Comments
4 min read
How I would use local read-only AI for first-pass server incident response

How I would use local read-only AI for first-pass server incident response

Comments
2 min read
Turning first-pass host evidence into a DFIR handoff report

Turning first-pass host evidence into a DFIR handoff report

Comments
4 min read
Two Retailers, One Attack: What Really Decides Who Survives a Breach

Two Retailers, One Attack: What Really Decides Who Survives a Breach

Comments
7 min read
How to triage Java memory-shell clues without unsafe default heap dumps

How to triage Java memory-shell clues without unsafe default heap dumps

Comments
3 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.