Get engaged in some intense discussions on AppSec
Kathan Shah & Nikunj Doshi will show us what the hidden blind spots in an AppSec Program are
Check out more at www.basconf.org
6 days left to buy your ticket to the most exclusive application security conference. Get access to a day of learning and upskilling with 18 talks and 4 workshops given by experts in their field. Also get a chance to win some cool raffle prizes. Buy your ticket at www.basconf.org and get it refunded once you check in at the event!
MAScon is here! The first ever event bringing the #OWASP MAS community together for a focused, practitioner-first experience.
Less theory, more real-world: offensive research, tooling, runtime analysis, and hands-on lessons.
Excited @NowSecure is part of this community: https://mas.owasp.org/news/2026/03/20/owasp-mascon-is-here/
https://genai.owasp.org/resource/state-of-agentic-ai-security-and-governance-1-0/
Light reading recommended by @ZeruVK that I'm working my way through.
I'm leaving it here for those of you dealing with ITSec stuff and the like, because companies KEEP pushing for this crap and the gigantic blunders it tends to make will have to be contained.
To summarize a bit, and as was to be expected, security measures have to be implemented across the entire lifecycle of AI agents; there are regulatory frameworks, but they are slow to come out and to catch up with the rapid changes in this landscape (ISO 42001, NIST AI RMF and EU AI Act).

The State of Agentic AI Security and Governance provides a comprehensive view of today’s landscape for securing and governing autonomous AI systems. It explores the frameworks, governance models, and global regulatory standards shaping responsible Agentic AI adoption. Designed for developers, security professionals, and decision-makers, the report serves as a practical guide for navigating the complexities […]
We have a full day of really varied talks
Jeevan Jutla will talk about how to hack like humans but without humans
Check out more at www.basconf.org
Areejit Banerjee explains how the OWASP Automated Threat Handbook can help in the defence against AI-related scraping.
#automatedthreats #scraping #bots #infosec #ciso #owasp @owasp
A CISO's Playbook for Defending Data Assets Against AI Scraping
https://www.darkreading.com/cyber-risk/ciso-playbook-defending-data-assets-against-ai-scraping
We are excited to announce that CRS v4.25.0 is the first Long-Term Support (LTS) release for the CRS 4 series. This is a milestone we have been working towards for over two years, and it marks the point where organizations waiting for a stability commitment can confidently deploy CRS 4 in their production environments.
What This Means for Users
If you are currently running CRS 4.x, the v4.25.0 LTS gives you a stable foundation that will receive security patches and critical bug fixes for an extended period — without being forced to track our rapid development cycle. You get the protection, without the churn.
There is the concept of #OWASP Security Champions.
Two years ago I helped a team in a large #SAFe transition very practically to establish that. I was the Champion and I had a vice Champion. He was a good frontend developer but, as he said himself, had no clue about security.
After two months I left the project. He felt confident as new team Security Champion in his role at that time.
I wonder if this is applied also in other transformations.
Interested in an intersection between DNA and AppSec?
Yana K is giving a talk on Cryptography using DNA and BioSafe Data Security.
Check out more at www.basconf.org