@ktamarapalli

Kalyan Tamarapalli

@ktamarapalli

Security Researcher

Joined February 2026

About

Nothing here yet.

Available for

Nothing here yet.

Kalyan Tamarapalli's blogs

Kalyan Tamarapalli | Security Researchktamarapalli.hashnode.dev15 posts

Articles Threads Comments

Recently published

KTKalyan Tamarapalliktamarapalli.hashnode.dev

The Physical Sentinel: Designing an Isolated Approval Terminal

5d ago · 10 min read · Introduction: The Browser Cannot Be Trusted to Display Truth Most modern approval flows assume the machine requesting an action can also be trusted to display what is being approved. That assumption i

Join discussion

KTKalyan Tamarapalliktamarapalli.hashnode.dev

The Forensic Black Box: Logs That Cannot Be Deleted

May 2 · 10 min read · Introduction: Prevention Fails. Forensics Must Not. Most security architectures are built around prevention. That instinct is understandable. Teams invest in: access controls secrets management net

Join discussion

KTKalyan Tamarapalliktamarapalli.hashnode.dev

Threat Modeling CI/CD Pipelines with OWASP and MITRE ATT&CK

Apr 18 · 9 min read · Introduction: Why CI/CD Threat Modeling Is Broken Most CI/CD threat models are abstract. Real attacks are concrete. SolarWinds, Codecov, and Log4j were not theoretical failures. They followed recogniz

Join discussion

KTKalyan Tamarapalliktamarapalli.hashnode.dev

Governance by Design: M-of-N Approvals and Just-In-Time Authority for High-Risk CI/CD Actions

Apr 11 · 8 min read · Introduction: Why Standing Privilege Is the Real Insider Threat Most CI/CD systems still rely on standing privilege: a small set of engineers permanently hold production deploy rights. This is conveni

Join discussion

KTKalyan Tamarapalliktamarapalli.hashnode.dev

FIDO2 for CI/CD: Why Origin-Bound Hardware Authentication Beats TOTP and Push Approvals

Apr 4 · 3 min read · Using WebAuthn as a Cryptographic Proof of Human Presence in Hostile Networks Introduction: Authentication That Fails in Real Attacks Most CI/CD systems rely on: TOTP codes Push notifications Long

Join discussion

Kalyan Tamarapalli

About

Available for

Kalyan Tamarapalli's blogs

Recently published

The Physical Sentinel: Designing an Isolated Approval Terminal

The Forensic Black Box: Logs That Cannot Be Deleted

Threat Modeling CI/CD Pipelines with OWASP and MITRE ATT&CK

Governance by Design: M-of-N Approvals and Just-In-Time Authority for High-Risk CI/CD Actions

FIDO2 for CI/CD: Why Origin-Bound Hardware Authentication Beats TOTP and Push Approvals

Search Hashnode

Kalyan Tamarapalli

About

Available for

Kalyan Tamarapalli's blogs

Recently published

The Physical Sentinel: Designing an Isolated Approval Terminal

The Forensic Black Box: Logs That Cannot Be Deleted

Threat Modeling CI/CD Pipelines with OWASP and MITRE ATT&CK

Governance by Design: M-of-N Approvals and Just-In-Time Authority for High-Risk CI/CD Actions

FIDO2 for CI/CD: Why Origin-Bound Hardware Authentication Beats TOTP and Push Approvals