@ktamarapalli
Security Researcher
Apr 11 · 8 min read · Introduction: Why Standing Privilege Is the Real Insider Threat Most CI/CD systems still rely on standing privilege: a small set of engineers permanently hold production deploy rights. This is conveni
Apr 4 · 3 min read · Using WebAuthn as a Cryptographic Proof of Human Presence in Hostile Networks Introduction: Authentication That Fails in Real Attacks Most CI/CD systems rely on: TOTP codes Push notifications Long
Mar 28 · 3 min read · Why High-Assurance Systems Must Treat Humans as Coercible Attack Surfaces Introduction: The Missing Threat Model in DevSecOps Most CI/CD security models treat the human operator as a trusted, volunta
Mar 21 · 3 min read · Hardware-Rooted Intent Verification as a Trust Boundary Introduction: Why CI/CD Approval Must Leave the Laptop Modern CI/CD approval flows run on developer laptops. This is a structural error. Develo