Vickie Li

17.5K Followers

Aug 25

How to read more security + engineering books

And some book recommendations for 2022–23 — Ever since I wrapped up writing my own book back in 2021, I’ve been trying to learn more broadly about other domains in security and software engineering. A lot of the learning came from ad-hoc googling, but I feel like one of the best ways to gain a solid foundation…

Cybersecurity

5 min read


Aug 2

Writing Secure GPT Prompts

Prompt engineering: learning to write robust and secure prompts — In my last few posts, we talked about the potential bugs and vulnerabilities that arise from poorly constructed prompts. Today, let’s explore some strategies to minimize the risk of prompt injection and to write clear and effective prompts. Engineering better prompts: giving clear and specific instructions Some of the LLM vulnerabilities we talked about in this post —…

AI

7 min read


Jun 27

Why is Copilot giving me bad code

Exploring security issues in code generation LLM tools — I recently had a conversation with a friend about using GPT for software development. He is a startup founder who is very hands-on with details of his product, and uses GPT to learn new technologies and quickly implement features using languages he is not familiar with. I am also using…

Software Development

3 min read


Jun 1

Hacking LLMs with prompt injections

And ways hackers can attack GPT-based applications — I recently had the opportunity to attend Google IO, during which many new products were announced. One aspect that stood out about many of these products was the focus on AI, particularly generative AI. Generative AI is fascinating and I am excited to see what we can do by integrating…

AI

8 min read


Apr 13

Tech Writing vs GPT

Is AI replacing technical writers and developer advocates? — I recently stumbled on a Twitter discussion debating whether the role of developer relations (DevRel) / developer advocates would become obsolete due to generative AI, such as GPT. DevRels are the people who create and maintain a community around a product. Their responsibilities include writing documentation and blog posts, producing…

ChatGPT

6 min read


Published in Better Programming · Updated Mar 30

ChatGPT: Build me a Recon Tool!

Using ChatGPT to build a simple hacking recon tool — In Chapter 5 of Bug Bounty Bootcamp, I talked about how you can write a simple bash script to automate recon tasks before hacking and bug bounty hunting. Then just a year later, ChatGPT came around. I am still a huge proponent of learning to script so that you can…

Hacking

5 min read


Published in Better Programming · Jan 10

Designing Secure Software: A Guide for Developers

AppSec engineer’s book club #001 — discussing Loren Kohnfelder’s book — Many of my followers have been asking me for book recommendations. After all, who doesn’t love a new tech book? Books are my favorite way to absorb new information, especially when learning something new. I’ve wanted to start a security engineer’s book club to…

Programming

4 min read


Published in Better Programming · Jun 15, 2022

SameSite Cookie Attacks

And what subdomain takeovers mean for your SameSite cookies — I published an article a while ago about how Chrome is making SameSite the default behavior for cookies to prevent Cross-Site Request Forgery (CSRF) attacks. After that, jub0bs reached out to me about how the nuances of SameSite can leave websites vulnerable. Thanks for bringing this issue to my attention! …

Programming

3 min read


Published in ShiftLeft Blog · Apr 20, 2022

Security and privacy in a world of digital identity

Interview with Shinesa Cambric, Principal Product Manager at Microsoft — Our guest today, Shinesa Cambric, is an IT security professional who is passionate about designing roadmaps for identity and access management programs, and architecting security strategies for emerging technologies. In this episode of Sources and Sinks, Vickie Li, developer evangelist at ShiftLeft, interviews Shinesa about her research in identity and…

Podcast

1 min read


Published in ShiftLeft Blog · Apr 14, 2022

Breaking the entry-level barrier with Jasmine Jackson

Launching your career in cybersecurity with self-study — Our guest today, Jasmine Jackson, is an experienced cybersecurity professional who got her start through self-teaching. Looking at Jasmine’s resume right now, it’s difficult to imagine that she was not able to find a job at all when she first started in the field! Jasmine has a technical background, but…

Podcast

1 min read


Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7
