Security
Cartography
Cartography is a tool that collects data about infrastructure and security assets and adds it into a Neo4j graph database. Data is collected mainly from AWS, but also in limited amounts from other sources. Having the data in Neo4j makes it easy to visualise what assets a company owns and what paths an attacker could use to breach them. Cartography is maintained by Lyft.
- Cartography at GitHub
- Cartography documentation
- "Getting Started with Cartography for AWS" (15th April 2022) by Daniel D'Agostino at Gigi Labs
- "Getting Started with Cartography for Okta" (12th July 2023) by Daniel D'Agostino at Gigi Labs
- "Migrating Cartography to Memgraph" (15th July 2023) by Daniel D'Agostino at Gigi Labs
- "IAM whatever you say IAM" (5th November 2020) by Alex Chantavy at the Lyft Engineering blog
- "[Public document] Automatic cartography cleanup jobs and the data model explained" (9th February 2023) by Alex Chantavy at Google Docs
- "BSidesSF 2019 - Lyft Cartography: Automating Security Visibility and Democratization (Sacha Faust)" (18th March 2019) - presentation by Sacha Faust at BSidesSF 2019, on YouTube
- "Cartography developer setup: Neo4j install, venvs, automated tests" (30th October 2020) on YouTube
- "Leveraging Security Asset Inventories" (18th May 2023) - Datadog interview with Sacha Faust, on YouTube
Web Security Links
- "SQL Injection - Walking through walls." (video) - apart from demonstrating SQL injection, shows how to bypass client-side validation
- "EFD Ep. 13 - Website Hacking - XSS" (video: part 1, part 2) - demonstrates Cross-Site Scripting
- "SSL/TLS Strong Encryption: An Introduction" (from the Apache documentation)